├── AUTHORS.md
├── CODE_OF_CONDUCT.md
├── LICENSE.txt
├── README.md
└── vectors
├── aes.tjson
├── aes_cmac.tjson
├── aes_ctr.tjson
├── aes_pmac.tjson
├── aes_pmac_siv.tjson
├── aes_siv.tjson
├── aes_siv_aead.tjson
├── aes_siv_stream.tjson
└── dbl.tjson
/AUTHORS.md:
--------------------------------------------------------------------------------
1 | # Miscreant contributors
2 |
3 | The following people hold copyright over portions of the Miscreant project codebases
4 | and have granted the right to use their contributions under the terms of the
5 | [MIT license](https://github.com/miscreant/miscreant/blob/master/LICENSE.txt).
6 |
7 | * [Tony Arcieri (@tarcieri)](https://github.com/tarcieri)
8 | * [Dmitry Chestnykh (@dchest)](https://github.com/dchest)
9 | * [John Downey (@jtdowney)](https://github.com/jtdowney)
10 | * [Nemanja Mijailovic (@metalnem)](https://github.com/metalnem)
11 |
--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
1 | # Contributor Covenant Code of Conduct
2 |
3 | ## Our Pledge
4 |
5 | In the interest of fostering an open and welcoming environment, we as
6 | contributors and maintainers pledge to making participation in our project and
7 | our community a harassment-free experience for everyone, regardless of age, body
8 | size, disability, ethnicity, gender identity and expression, level of experience,
9 | nationality, personal appearance, race, religion, or sexual identity and
10 | orientation.
11 |
12 | ## Our Standards
13 |
14 | Examples of behavior that contributes to creating a positive environment
15 | include:
16 |
17 | * Using welcoming and inclusive language
18 | * Being respectful of differing viewpoints and experiences
19 | * Gracefully accepting constructive criticism
20 | * Focusing on what is best for the community
21 | * Showing empathy towards other community members
22 |
23 | Examples of unacceptable behavior by participants include:
24 |
25 | * The use of sexualized language or imagery and unwelcome sexual attention or
26 | advances
27 | * Trolling, insulting/derogatory comments, and personal or political attacks
28 | * Public or private harassment
29 | * Publishing others' private information, such as a physical or electronic
30 | address, without explicit permission
31 | * Other conduct which could reasonably be considered inappropriate in a
32 | professional setting
33 |
34 | ## Our Responsibilities
35 |
36 | Project maintainers are responsible for clarifying the standards of acceptable
37 | behavior and are expected to take appropriate and fair corrective action in
38 | response to any instances of unacceptable behavior.
39 |
40 | Project maintainers have the right and responsibility to remove, edit, or
41 | reject comments, commits, code, wiki edits, issues, and other contributions
42 | that are not aligned to this Code of Conduct, or to ban temporarily or
43 | permanently any contributor for other behaviors that they deem inappropriate,
44 | threatening, offensive, or harmful.
45 |
46 | ## Scope
47 |
48 | This Code of Conduct applies both within project spaces and in public spaces
49 | when an individual is representing the project or its community. Examples of
50 | representing a project or community include using an official project e-mail
51 | address, posting via an official social media account, or acting as an appointed
52 | representative at an online or offline event. Representation of a project may be
53 | further defined and clarified by project maintainers.
54 |
55 | ## Enforcement
56 |
57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be
58 | reported by contacting the project team at [bascule@gmail.com]. All
59 | complaints will be reviewed and investigated and will result in a response that
60 | is deemed necessary and appropriate to the circumstances. The project team is
61 | obligated to maintain confidentiality with regard to the reporter of an incident.
62 | Further details of specific enforcement policies may be posted separately.
63 |
64 | Project maintainers who do not follow or enforce the Code of Conduct in good
65 | faith may face temporary or permanent repercussions as determined by other
66 | members of the project's leadership.
67 |
68 | [bascule@gmail.com]: mailto:bascule@gmail.com
69 |
70 | ## Attribution
71 |
72 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
73 | available at [http://contributor-covenant.org/version/1/4][version]
74 |
75 | [homepage]: http://contributor-covenant.org
76 | [version]: http://contributor-covenant.org/version/1/4/
77 |
--------------------------------------------------------------------------------
/LICENSE.txt:
--------------------------------------------------------------------------------
1 | Copyright (c) 2017-2018 The Miscreant Developers. The canonical list of project
2 | contributors who hold copyright over the project can be found at:
3 |
4 | https://github.com/miscreant/miscreant/blob/master/AUTHORS.md
5 |
6 | MIT License
7 |
8 | Permission is hereby granted, free of charge, to any person obtaining
9 | a copy of this software and associated documentation files (the
10 | "Software"), to deal in the Software without restriction, including
11 | without limitation the rights to use, copy, modify, merge, publish,
12 | distribute, sublicense, and/or sell copies of the Software, and to
13 | permit persons to whom the Software is furnished to do so, subject to
14 | the following conditions:
15 |
16 | The above copyright notice and this permission notice shall be
17 | included in all copies or substantial portions of the Software.
18 |
19 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
20 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
21 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
22 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
23 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
24 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
25 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
26 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # 
2 |
3 | [![MIT Licensed][license-image]][license-link]
4 | [![Gitter Chat][gitter-image]][gitter-link]
5 |
6 | [license-image]: https://img.shields.io/badge/license-MIT-blue.svg
7 | [license-link]: https://github.com/miscreant/miscreant/blob/master/LICENSE.txt
8 | [gitter-image]: https://badges.gitter.im/badge.svg
9 | [gitter-link]: https://gitter.im/miscreant/Lobby
10 |
11 | > The best crypto you've never heard of, brought to you by [Phil Rogaway]
12 |
13 | A misuse resistant symmetric encryption library designed to support
14 | authenticated encryption of individual messages, encryption keys,
15 | message streams, or large files using the [AES-SIV] ([RFC 5297]),
16 | [AES-PMAC-SIV], and [STREAM] constructions.
17 |
18 | Miscreant is available for several programming languages, including
19 | [C#], [Go], [JavaScript], [Python], [Ruby], and [Rust].
20 |
21 | [Phil Rogaway]: https://en.wikipedia.org/wiki/Phillip_Rogaway
22 | [RFC 5297]: https://tools.ietf.org/html/rfc5297
23 | [AES-SIV]: https://github.com/miscreant/miscreant/wiki/AES-SIV
24 | [AES-PMAC-SIV]: https://github.com/miscreant/miscreant/wiki/AES-PMAC-SIV
25 | [STREAM]: https://github.com/miscreant/miscreant/wiki/STREAM
26 | [C#]: https://github.com/miscreant/miscreant/tree/master/dotnet
27 | [Go]: https://github.com/miscreant/miscreant/tree/master/go
28 | [JavaScript]: https://github.com/miscreant/miscreant/tree/master/js
29 | [Python]: https://github.com/miscreant/miscreant/tree/master/python
30 | [Ruby]: https://github.com/miscreant/miscreant/tree/master/ruby
31 | [Rust]: https://github.com/miscreant/miscreant/tree/master/rust
32 |
33 | ## What is Miscreant?
34 |
35 | **Miscreant** is a set of interoperable libraries implemented in several
36 | languages providing a high-level API for misuse-resistant symmetric encryption.
37 | Additionally, it provides support for "online" [authenticated encryption] use
38 | cases such as streaming or incrementally encryption/decryption of large files.
39 |
40 | The following algorithms are provided by **Miscreant**:
41 |
42 | * [AES-SIV]: an [authenticated] mode of AES which provides
43 | [nonce reuse misuse resistance]. Described in [RFC 5297], it combines the
44 | [AES-CTR] ([NIST SP 800-38A]) mode of encryption with the
45 | [AES-CMAC]([NIST SP 800-38B]) function for integrity.
46 |
47 | * [AES-PMAC-SIV]: a fully parallelizable variant of **AES-SIV** which
48 | substitutes the [AES-PMAC] function for integrity, providing effectively
49 | identical security properties as the original construction, but much better
50 | performance on systems which provide parallel hardware implementations of
51 | AES, namely Intel/AMD CPUs.
52 |
53 | * [STREAM]: a construction which, when combined with **AES-SIV** or
54 | **AES-PMAC-SIV**, provides online/streaming [authenticated] encryption
55 | and defends against reordering and truncation attacks.
56 |
57 | [authenticated]: https://en.wikipedia.org/wiki/Authenticated_encryption
58 | [nonce reuse misuse resistance]: https://github.com/miscreant/miscreant/wiki/Nonce-Reuse-Misuse-Resistance
59 | [AES-CTR]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_.28CTR.29
60 | [AES-CMAC]: https://en.wikipedia.org/wiki/One-key_MAC
61 | [AES-PMAC]: http://web.cs.ucdavis.edu/~rogaway/ocb/pmac-bak.htm
62 |
63 | ## Cipher Comparison
64 |
65 | ### Miscreant Ciphers
66 |
67 | | Name | [Authenticated] | [Misuse Resistance] | x86 Speed | IoT Speed† | Standardization |
68 | |-------------------|-----------------|---------------------|----------------|------------|-------------------|
69 | | [AES-SIV] | 💚 | 💚 | 💛 | 💚 | [RFC 5297] |
70 | | [AES-PMAC-SIV] | 💚 | 💚 | 💚 | 💚 | None |
71 |
72 | ### Other Constructions
73 |
74 | | Name | [Authenticated] | [Misuse Resistance] | x86 Speed | IoT Speed† | Standardization |
75 | |-------------------|-----------------|---------------------|----------------|------------|-------------------|
76 | | AES-GCM-SIV | 💚 | 💚 | 💖 | 💔 | Forthcoming‡ |
77 | | AES-GCM | 💚 | 💔 | 💖 | 💔 | [NIST SP 800-38D] |
78 | | AES-CCM | 💚 | 💔 | 💛 | 💚 | [NIST SP 800-38C] |
79 | | AES-CBC | 💔 | 💔 | 💚 | 💚 | [NIST SP 800-38A] |
80 | | AES-CTR | 💔 | 💔 | 💚 | 💚 | [NIST SP 800-38A] |
81 | | ChaCha20+Poly1305 | 💚 | 💔 | 💚 | 💛 | [RFC 7539] |
82 | | XSalsa20+Poly1305 | 💚 | 💔 | 💚 | 💛 | None |
83 |
84 | ### Legend
85 |
86 | | Heart | Meaning |
87 | |-------|-----------|
88 | | 💚 | Great |
89 | | 💛 | Fine 
|
90 | | 💔 | Bad |
91 |
92 | † Assumes hardware acceleration for the AES block cipher function
93 |
94 | ‡ Work is underway in the IRTF CFRG to provide an informational RFC for **AES-GCM-SIV**.
95 | For more information, see [draft-irtf-cfrg-gcmsiv].
96 | When standardization work around **AES-GCM-SIV** is complete, it will be
97 | [considered for inclusion in this library](https://github.com/miscreant/miscreant/issues/60).
98 |
99 | [Misuse Resistance]: https://github.com/miscreant/miscreant/wiki/Nonce-Reuse-Misuse-Resistance
100 | [NIST SP 800-38A]: https://dx.doi.org/10.6028/NIST.SP.800-38A
101 | [NIST SP 800-38B]: https://dx.doi.org/10.6028/NIST.SP.800-38B
102 | [NIST SP 800-38C]: https://dx.doi.org/10.6028/NIST.SP.800-38C
103 | [NIST SP 800-38D]: https://dx.doi.org/10.6028/NIST.SP.800-38D
104 | [RFC 7539]: https://tools.ietf.org/html/rfc7539
105 | [draft-irtf-cfrg-gcmsiv]: https://datatracker.ietf.org/doc/draft-irtf-cfrg-gcmsiv/
106 | [GHASH]: https://en.wikipedia.org/wiki/Galois/Counter_Mode#Mathematical_basis
107 |
108 | ## Language Support
109 |
110 | **Miscreant** libraries are available for the following languages:
111 |
112 | | Language | Version |
113 | |------------------------|--------------------------------------|
114 | | [C#][nuget-link] | [![nuget][nuget-shield]][nuget-link] |
115 | | [Go][go-link] | N/A |
116 | | [JavaScript][npm-link] | [![npm][npm-shield]][npm-link] |
117 | | [Python][pypi-link] | [![pypi][pypi-shield]][pypi-link] |
118 | | [Ruby][gem-link] | [![gem][gem-shield]][gem-link] |
119 | | [Rust][crate-link] | [![crate][crate-shield]][crate-link] |
120 |
121 | [nuget-link]: https://www.nuget.org/packages/Miscreant
122 | [nuget-shield]: https://img.shields.io/nuget/v/Miscreant.svg
123 | [go-link]: https://github.com/miscreant/miscreant/tree/master/go
124 | [npm-shield]: https://img.shields.io/npm/v/miscreant.svg
125 | [npm-link]: https://www.npmjs.com/package/miscreant
126 | [pypi-shield]: https://img.shields.io/pypi/v/miscreant.svg
127 | [pypi-link]: https://pypi.python.org/pypi/miscreant/
128 | [gem-shield]: https://badge.fury.io/rb/miscreant.svg
129 | [gem-link]: https://rubygems.org/gems/miscreant
130 | [crate-shield]: https://img.shields.io/crates/v/miscreant.svg
131 | [crate-link]: https://crates.io/crates/miscreant
132 |
133 | ## Documentation
134 |
135 | [Please see the Miscreant Wiki](https://github.com/miscreant/miscreant/wiki)
136 | for more detailed documentation and usage notes.
137 |
138 | ## Related Projects
139 |
140 | * [XSTREAM]: public-key cryptography built on Miscreant and the [X25519]
141 | elliptic curve Diffie-Hellman function.
142 | * [minc] (the MIscreaNt Cryptotool): a command-line encryption utility built
143 | on Miscreant and **XSTREAM**.
144 |
145 | [XSTREAM]: https://github.com/miscreant/xstream
146 | [X25519]: https://en.wikipedia.org/wiki/Curve25519
147 | [minc]: https://github.com/miscreant/minc
148 |
149 | ## Help and Discussion
150 |
151 | Have questions? Want to suggest a feature or change?
152 |
153 | * [Gitter]: web-based chat about Miscreant
154 | * [Google Group]: join via web or email ([miscreant-crypto+subscribe@googlegroups.com])
155 |
156 | [Gitter]: https://gitter.im/miscreant/Lobby
157 | [Google Group]: https://groups.google.com/forum/#!forum/miscreant-crypto
158 | [miscreant-crypto+subscribe@googlegroups.com]: mailto:miscreant-crypto+subscribe@googlegroups.com?subject=subscribe
159 |
160 | ## Code of Conduct
161 |
162 | We abide by the [Contributor Covenant][cc] and ask that you do as well.
163 |
164 | For more information, please see [CODE_OF_CONDUCT.md].
165 |
166 | [cc]: https://contributor-covenant.org
167 | [CODE_OF_CONDUCT.md]: https://github.com/miscreant/miscreant/blob/master/CODE_OF_CONDUCT.md
168 |
169 | ## Key Rap
170 |
171 | The paper describing AES-SIV,
172 | [Deterministic Authenticated-Encryption: A Provable-Security Treatment of the Key-Wrap Problem]
173 | contains this explanatory rap song at the end, which goes out to all the
174 | chronic IV misusing miscreants in the land:
175 |
176 | > Yo! We’z gonna’ take them keys an’ whatever you pleaze
177 | > We gonna’ wrap ’em all up looks like some ran’om gup
178 | > Make somethin’ gnarly and funky won’t fool no half-wit junkie
179 | > So the game’s like AE but there’s one major hitch
180 | > No coins can be pitched there’s no state to enrich
181 | > the IV’s in a ditch dead drunk on cheap wine
182 | > Now NIST and X9 and their friends at the fort
183 | > suggest that you stick it in a six-layer torte
184 | > S/MIME has a scheme there’s even one more
185 | > So many ways that it’s hard to keep score
186 | > And maybe they work and maybe they’re fine
187 | > but I want some proofs for spendin’ my time
188 | > After wrappin’ them keys gonna’ help out some losers
189 | > chronic IV abusers don’t read no directions
190 | > risk a deadly infection If a rusty IV’s drippin’ into yo’ veins
191 | > and ya never do manage to get it exchanged
192 | > Then we got ya somethin’ and it comes at low cost
193 | > When you screw up again not all ’ill be lost
194 |
195 | [Deterministic Authenticated-Encryption: A Provable-Security Treatment of the Key-Wrap Problem]: http://web.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
196 |
197 | ## Contributing
198 |
199 | Bug reports and pull requests are welcome on GitHub at https://github.com/miscreant/miscreant
200 |
201 | ## Copyright
202 |
203 | Copyright (c) 2017-2018 [The Miscreant Developers][AUTHORS].
204 | Distributed under the MIT license. See [LICENSE.txt] for further details.
205 |
206 | Some language-specific subprojects include sources from other authors with more
207 | specific licensing requirements, though all projects are MIT licensed.
208 | Please see the respective **LICENSE.txt** files in each project for more
209 | information.
210 |
211 | [AUTHORS]: https://github.com/miscreant/miscreant/blob/master/AUTHORS.md
212 | [LICENSE.txt]: https://github.com/miscreant/miscreant/blob/master/LICENSE.txt
213 |
--------------------------------------------------------------------------------
/vectors/aes.tjson:
--------------------------------------------------------------------------------
1 | {
2 | "examples:A":[
3 | {
4 | "key:d16": "2b7e151628aed2a6abf7158809cf4f3c",
5 | "src:d16": "3243f6a8885a308d313198a2e0370734",
6 | "dst:d16": "3925841d02dc09fbdc118597196a0b32"
7 | },
8 | {
9 | "key:d16": "000102030405060708090a0b0c0d0e0f",
10 | "src:d16": "00112233445566778899aabbccddeeff",
11 | "dst:d16": "69c4e0d86a7b0430d8cdb78070b4c55a"
12 | },
13 | {
14 | "key:d16": "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
15 | "src:d16": "00112233445566778899aabbccddeeff",
16 | "dst:d16": "8ea2b7ca516745bfeafc49904b496089"
17 | }
18 | ]
19 | }
20 |
--------------------------------------------------------------------------------
/vectors/aes_cmac.tjson:
--------------------------------------------------------------------------------
1 | {
2 | "examples:A":[
3 | {
4 | "key:d16":"2b7e151628aed2a6abf7158809cf4f3c",
5 | "message:d16":"",
6 | "tag:d16":"bb1d6929e95937287fa37d129b756746"
7 | },
8 | {
9 | "key:d16":"2b7e151628aed2a6abf7158809cf4f3c",
10 | "message:d16":"6bc1bee22e409f96e93d7e117393172a",
11 | "tag:d16":"070a16b46b4d4144f79bdd9dd04a287c"
12 | },
13 | {
14 | "key:d16":"2b7e151628aed2a6abf7158809cf4f3c",
15 | "message:d16":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411",
16 | "tag:d16":"dfa66747de9ae63030ca32611497c827"
17 | },
18 | {
19 | "key:d16":"2b7e151628aed2a6abf7158809cf4f3c",
20 | "message:d16":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
21 | "tag:d16":"51f0bebf7e3b9d92fc49741779363cfe"
22 | },
23 | {
24 | "key:d16":"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
25 | "message:d16":"",
26 | "tag:d16":"028962f61b7bf89efc6b551f4667d983"
27 | },
28 | {
29 | "key:d16":"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
30 | "message:d16":"6bc1bee22e409f96e93d7e117393172a",
31 | "tag:d16":"28a7023f452e8f82bd4bf28d8c37c35c"
32 | },
33 | {
34 | "key:d16":"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
35 | "message:d16":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411",
36 | "tag:d16":"aaf3d8f1de5640c232f5b169b9c911e6"
37 | },
38 | {
39 | "key:d16":"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
40 | "message:d16":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
41 | "tag:d16":"e1992190549f6ed5696a2c056c315410"
42 | }
43 | ]
44 | }
45 |
--------------------------------------------------------------------------------
/vectors/aes_ctr.tjson:
--------------------------------------------------------------------------------
1 | {
2 | "examples:A":[
3 | {
4 | "key:d16":"2b7e151628aed2a6abf7158809cf4f3c",
5 | "iv:d16":"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
6 | "plaintext:d16":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51",
7 | "ciphertext:d16":"874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"
8 | },
9 | {
10 | "key:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
11 | "iv:d16":"202122232425262728292a2b2c2d2e2f",
12 | "plaintext:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122",
13 | "ciphertext:d16":"61a7916d4a8a161b14c8f398b94faedba3a3e29ad93f55451ed31fe92d3abf841c7c81"
14 | }
15 | ]
16 | }
17 |
--------------------------------------------------------------------------------
/vectors/aes_pmac.tjson:
--------------------------------------------------------------------------------
1 | {
2 | "examples:A":[
3 | {
4 | "name:s":"PMAC-AES-128-0B",
5 | "key:d16":"000102030405060708090a0b0c0d0e0f",
6 | "message:d16":"",
7 | "tag:d16":"4399572cd6ea5341b8d35876a7098af7"
8 | },
9 | {
10 | "name:s":"PMAC-AES-128-3B",
11 | "key:d16":"000102030405060708090a0b0c0d0e0f",
12 | "message:d16":"000102",
13 | "tag:d16":"256ba5193c1b991b4df0c51f388a9e27"
14 | },
15 | {
16 | "name:s":"PMAC-AES-128-16B",
17 | "key:d16":"000102030405060708090a0b0c0d0e0f",
18 | "message:d16":"000102030405060708090a0b0c0d0e0f",
19 | "tag:d16":"ebbd822fa458daf6dfdad7c27da76338"
20 | },
21 | {
22 | "name:s":"PMAC-AES-128-20B",
23 | "key:d16":"000102030405060708090a0b0c0d0e0f",
24 | "message:d16":"000102030405060708090a0b0c0d0e0f10111213",
25 | "tag:d16":"0412ca150bbf79058d8c75a58c993f55"
26 | },
27 | {
28 | "name:s":"PMAC-AES-128-32B",
29 | "key:d16":"000102030405060708090a0b0c0d0e0f",
30 | "message:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
31 | "tag:d16":"e97ac04e9e5e3399ce5355cd7407bc75"
32 | },
33 | {
34 | "name:s":"PMAC-AES-128-34B",
35 | "key:d16":"000102030405060708090a0b0c0d0e0f",
36 | "message:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2021",
37 | "tag:d16":"5cba7d5eb24f7c86ccc54604e53d5512"
38 | },
39 | {
40 | "name:s":"PMAC-AES-128-1000B",
41 | "key:d16":"000102030405060708090a0b0c0d0e0f",
42 | "message:d16":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
43 | "tag:d16":"c2c9fa1d9985f6f0d2aff915a0e8d910"
44 | },
45 | {
46 | "name:s":"PMAC-AES-256-0B",
47 | "key:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
48 | "message:d16":"",
49 | "tag:d16":"e620f52fe75bbe87ab758c0624943d8b"
50 | },
51 | {
52 | "name:s":"PMAC-AES-256-3B",
53 | "key:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
54 | "message:d16":"000102",
55 | "tag:d16":"ffe124cc152cfb2bf1ef5409333c1c9a"
56 | },
57 | {
58 | "name:s":"PMAC-AES-256-16B",
59 | "key:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
60 | "message:d16":"000102030405060708090a0b0c0d0e0f",
61 | "tag:d16":"853fdbf3f91dcd36380d698a64770bab"
62 | },
63 | {
64 | "name:s":"PMAC-AES-256-20B",
65 | "key:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
66 | "message:d16":"000102030405060708090a0b0c0d0e0f10111213",
67 | "tag:d16":"7711395fbe9dec19861aeb96e052cd1b"
68 | },
69 | {
70 | "name:s":"PMAC-AES-256-32B",
71 | "key:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
72 | "message:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
73 | "tag:d16":"08fa25c28678c84d383130653e77f4c0"
74 | },
75 | {
76 | "name:s":"PMAC-AES-256-34B",
77 | "key:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
78 | "message:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2021",
79 | "tag:d16":"edd8a05f4b66761f9eee4feb4ed0c3a1"
80 | },
81 | {
82 | "name:s":"PMAC-AES-256-1000B",
83 | "key:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
84 | "message:d16":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
85 | "tag:d16":"69aa77f231eb0cdff960f5561d29a96e"
86 | }
87 | ]
88 | }
89 |
--------------------------------------------------------------------------------
/vectors/aes_pmac_siv.tjson:
--------------------------------------------------------------------------------
1 | {
2 | "examples:A":[
3 | {
4 | "name:s":"AES-PMAC-SIV-128-TV1: Deterministic Authenticated Encryption Example",
5 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
6 | "ad:A":[
7 | "101112131415161718191a1b1c1d1e1f2021222324252627"
8 | ],
9 | "plaintext:d16":"112233445566778899aabbccddee",
10 | "ciphertext:d16":"8c4b814216140fc9b34a41716aa61633ea66abe16b2f6e4bceeda6e9077f"
11 | },
12 | {
13 | "name:s":"AES-PMAC-SIV-128-TV2: Nonce-Based Authenticated Encryption Example",
14 | "key:d16":"7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f",
15 | "ad:A":[
16 | "00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100",
17 | "102030405060708090a0",
18 | "09f911029d74e35bd84156c5635688c0"
19 | ],
20 | "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553",
21 | "ciphertext:d16":"acb9cbc95dbed8e766d25ad59deb65bcda7aff9214153273f88e89ebe580c77defc15d28448f420e0a17d42722e6d42776849aa3bec375c5a05e54f519e9fd"
22 | },
23 | {
24 | "name:s":"AES-PMAC-SIV-128-TV3: Empty Authenticated Data And Plaintext Example",
25 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
26 | "ad:A":[],
27 | "plaintext:d16":"",
28 | "ciphertext:d16":"19f25e5ea8a96ef27067d4626fdd3677"
29 | },
30 | {
31 | "name:s":"AES-PMAC-SIV-128-TV4: Nonce-Based Authenticated Encryption With Large Message Example",
32 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
33 | "ad:A":[
34 | "101112131415161718191a1b1c1d1e1f2021222324252627"
35 | ],
36 | "plaintext:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f70",
37 | "ciphertext:d16":"34cbb315120924e6ad05240a1582018b3dc965941308e0535680344cf9cf40cb5aa00b449548f9a4d9718fd22057d19f5ea89450d2d3bf905e858aaec4fc594aa27948ea205ca90102fc463f5c1cbbfb171d296d727ec77f892fb192a4eb9897b7d48d50e474a1238f02a82b122a7b16aa5cc1c04b10b839e478662ff1cec7cabc"
38 | },
39 | {
40 | "name:s":"AES-PMAC-SIV-256-TV1: 256-bit key with one associated data field",
41 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f06f6e6d6c6b6a69686766656463626160f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f",
42 | "ad:A":[
43 | "101112131415161718191a1b1c1d1e1f2021222324252627"
44 | ],
45 | "plaintext:d16":"112233445566778899aabbccddee",
46 | "ciphertext:d16":"77097bb3e160988e8b262c1942f983885f826d0d7e047e975e2fc4ea6776"
47 | },
48 | {
49 | "name:s":"AES-PMAC-SIV-256-TV2: 256-bit key with three associated data fields",
50 | "key:d16":"7f7e7d7c7b7a797877767574737271706f6e6d6c6b6a69686766656463626160404142434445464748494a4b4c4d4e4f505152535455565758595a5b5b5d5e5f",
51 | "ad:A":[
52 | "00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100",
53 | "102030405060708090a0",
54 | "09f911029d74e35bd84156c5635688c0"
55 | ],
56 | "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553",
57 | "ciphertext:d16":"cd07d56dca0fe1569b8ecb3cf2346604290726e12529fc5948546b6be39fed9cd8652256c594c8f56208c7496789de8dfb4f161627c91482f9ecf809652a9e"
58 | },
59 | {
60 | "name:s":"AES-PMAC-SIV-256-TV3: Nonce-Based Authenticated Encryption With Large Message Example",
61 | "key:d16":"7f7e7d7c7b7a797877767574737271706f6e6d6c6b6a69686766656463626160404142434445464748494a4b4c4d4e4f505152535455565758595a5b5b5d5e5f",
62 | "ad:A":[
63 | "101112131415161718191a1b1c1d1e1f2021222324252627"
64 | ],
65 | "plaintext:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f70",
66 | "ciphertext:d16":"045ba64522c5c980835674d1c5a9264eca3e9f7aceafe9b5485b33f7d2c9114fe5c4b24f9c814d88e78b6150028d630289d023015b8569af338de0af8534827732b365ace1ac99d278431b22eafe31b94297b1c6a2de41383ed8b39f17e748aea128a8bd7d0ee80ec899f1b940c9c0463f22fc2b5a145cb6e90a32801dd1950f92"
67 | }
68 | ]
69 | }
70 |
--------------------------------------------------------------------------------
/vectors/aes_siv.tjson:
--------------------------------------------------------------------------------
1 | {
2 | "examples:A":[
3 | {
4 | "name:s":"Deterministic Authenticated Encryption Example",
5 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
6 | "ad:A":[
7 | "101112131415161718191a1b1c1d1e1f2021222324252627"
8 | ],
9 | "plaintext:d16":"112233445566778899aabbccddee",
10 | "ciphertext:d16":"85632d07c6e8f37f950acd320a2ecc9340c02b9690c4dc04daef7f6afe5c"
11 | },
12 | {
13 | "name:s":"Nonce-Based Authenticated Encryption Example",
14 | "key:d16":"7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f",
15 | "ad:A":[
16 | "00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100",
17 | "102030405060708090a0",
18 | "09f911029d74e35bd84156c5635688c0"
19 | ],
20 | "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553",
21 | "ciphertext:d16":"7bdb6e3b432667eb06f4d14bff2fbd0fcb900f2fddbe404326601965c889bf17dba77ceb094fa663b7a3f748ba8af829ea64ad544a272e9c485b62a3fd5c0d"
22 | },
23 | {
24 | "name:s":"Empty Authenticated Data And Plaintext Example",
25 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
26 | "ad:A":[],
27 | "plaintext:d16":"",
28 | "ciphertext:d16":"f2007a5beb2b8900c588a7adf599f172"
29 | },
30 | {
31 | "name:s":"NIST SIV test vectors (256-bit subkeys #1)",
32 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f06f6e6d6c6b6a69686766656463626160f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f",
33 | "ad:A":[
34 | "101112131415161718191a1b1c1d1e1f2021222324252627"
35 | ],
36 | "plaintext:d16":"112233445566778899aabbccddee",
37 | "ciphertext:d16":"f125274c598065cfc26b0e71575029088b035217e380cac8919ee800c126"
38 | },
39 | {
40 | "name:s":"NIST SIV test vectors (256-bit subkeys #2)",
41 | "key:d16":"7f7e7d7c7b7a797877767574737271706f6e6d6c6b6a69686766656463626160404142434445464748494a4b4c4d4e4f505152535455565758595a5b5b5d5e5f",
42 | "ad:A":[
43 | "00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100",
44 | "102030405060708090a0",
45 | "09f911029d74e35bd84156c5635688c0"
46 | ],
47 | "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553",
48 | "ciphertext:d16":"85b8167310038db7dc4692c0281ca35868181b2762f3c24f2efa5fb80cb143516ce6c434b898a6fd8eb98a418842f51f66fc67de43ac185a66dd72475bbb08"
49 | },
50 | {
51 | "name:s":"Empty Authenticated Data And Block-Size Plaintext Example",
52 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
53 | "ad:A":[],
54 | "plaintext:d16":"00112233445566778899aabbccddeeff",
55 | "ciphertext:d16":"f304f912863e303d5b540e5057c7010c942ffaf45b0e5ca5fb9a56a5263bb065"
56 | }
57 | ]
58 | }
59 |
--------------------------------------------------------------------------------
/vectors/aes_siv_aead.tjson:
--------------------------------------------------------------------------------
1 | {
2 | "examples:A":[
3 | {
4 | "name:s":"AES-SIV Nonce-based Authenticated Encryption Example #1",
5 | "alg:s":"AES-SIV",
6 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
7 | "ad:d16":"",
8 | "nonce:d16":"101112131415161718191a1b1c1d1e1f2021222324252627",
9 | "plaintext:d16":"112233445566778899aabbccddee",
10 | "ciphertext:d16":"4b3d0f15ae9ffa9e65b949421582ef70e410910d6446c7759ebff9b5385a"
11 | },
12 | {
13 | "name:s":"AES-SIV Nonce-based Authenticated Encryption Example #2",
14 | "alg:s":"AES-SIV",
15 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f06f6e6d6c6b6a69686766656463626160f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f",
16 | "ad:d16":"",
17 | "nonce:d16":"101112131415161718191a1b1c1d1e1f2021222324252627",
18 | "plaintext:d16":"112233445566778899aabbccddee",
19 | "ciphertext:d16":"e618d2d6a86b50a8d7df82ab34aa950ab319d7fc15f7cd1ea99b1a033f20"
20 | },
21 | {
22 | "name:s":"AES-SIV Authenticted Encryption with Associated Data Example",
23 | "alg:s":"AES-SIV",
24 | "key:d16":"7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f",
25 | "ad:d16":"00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100",
26 | "nonce:d16":"09f911029d74e35bd84156c5635688c0",
27 | "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553",
28 | "ciphertext:d16":"85825e22e90cf2ddda2c548dc7c1b6310dcdaca0cebf9dc6cb90583f5bf1506e02cd48832b00e4e598b2b22a53e6199d4df0c1666a35a0433b250dc134d776"
29 | },
30 | {
31 | "name:s":"AES-PMAC-SIV Nonce-based Authenticated Encryption Example #1",
32 | "alg:s":"AES-PMAC-SIV",
33 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
34 | "ad:d16":"",
35 | "nonce:d16":"101112131415161718191a1b1c1d1e1f2021222324252627",
36 | "plaintext:d16":"112233445566778899aabbccddee",
37 | "ciphertext:d16":"3e6acab1cc2f4a847f8fa605e7e1ce55d9200b444571f8b8956eb3df5498"
38 | },
39 | {
40 | "name:s":"AES-PMAC-SIV Nonce-based Authenticated Encryption Example #2",
41 | "alg:s":"AES-PMAC-SIV",
42 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f06f6e6d6c6b6a69686766656463626160f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f",
43 | "ad:d16":"",
44 | "nonce:d16":"101112131415161718191a1b1c1d1e1f2021222324252627",
45 | "plaintext:d16":"112233445566778899aabbccddee",
46 | "ciphertext:d16":"0623a7275afd5082035e43b0dcafe3a891c2b8eed2b1a07f0dd25180e072"
47 | },
48 | {
49 | "name:s":"AES-PMAC-SIV Authenticted Encryption with Associated Data Example",
50 | "alg:s":"AES-PMAC-SIV",
51 | "key:d16":"7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f",
52 | "ad:d16":"00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100",
53 | "nonce:d16":"09f911029d74e35bd84156c5635688c0",
54 | "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553",
55 | "ciphertext:d16":"1463d1119b2a2797241bb1674633dff13b9de11e5e2f526048b36c40c7722667b2957018023bf0e52792b703a01e88aacd49898cecfce943d7f61a2337a097"
56 | }
57 | ]
58 | }
59 |
--------------------------------------------------------------------------------
/vectors/aes_siv_stream.tjson:
--------------------------------------------------------------------------------
1 | {
2 | "examples:A":[
3 | {
4 | "name:s":"AES-SIV STREAM 1-Block Example (256-bit key)",
5 | "alg:s":"AES-SIV",
6 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
7 | "nonce:d16":"1011121314151617",
8 | "blocks:A":[
9 | {
10 | "ad:d16":"",
11 | "plaintext:d16":"112233445566778899aabbccddee",
12 | "ciphertext:d16":"9df7f25c0f05311f598ab04930f3f07ee7209a2c7aeb4a0f9d191bd05854"
13 | }
14 | ]
15 | },
16 | {
17 | "name:s":"AES-SIV STREAM 2-Block Example (512-bit key)",
18 | "alg:s":"AES-SIV",
19 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f06f6e6d6c6b6a69686766656463626160f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f",
20 | "nonce:d16":"1011121314151617",
21 | "blocks:A":[
22 | {
23 | "ad:d16":"",
24 | "plaintext:d16":"112233445566778899aabbccddee",
25 | "ciphertext:d16":"7690761b80e4984fc61f4edc7a57e81b50d976f58c5539c82a4277388a28"
26 | },
27 | {
28 | "ad:d16":"",
29 | "plaintext:d16":"ff00",
30 | "ciphertext:d16":"a7d44953340d00344dcf8de3422eb0ad471d"
31 | }
32 | ]
33 | },
34 | {
35 | "name:s":"AES-SIV STREAM 3-Block Example (512-bit key)",
36 | "alg:s":"AES-SIV",
37 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f06f6e6d6c6b6a69686766656463626160f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f",
38 | "nonce:d16":"1011121314151617",
39 | "blocks:A":[
40 | {
41 | "ad:d16":"",
42 | "plaintext:d16":"112233445566778899aabbccddee",
43 | "ciphertext:d16":"7690761b80e4984fc61f4edc7a57e81b50d976f58c5539c82a4277388a28"
44 | },
45 | {
46 | "ad:d16":"",
47 | "plaintext:d16":"ff00112233445566778899aa",
48 | "ciphertext:d16":"09b7e610d0b92c37a6a0fac3dde23a773202798ffa82b2c8c1fa8065"
49 | },
50 | {
51 | "ad:d16":"",
52 | "plaintext:d16":"bbccddeeff00",
53 | "ciphertext:d16":"d8b11e877fa11cd67315f26cc9ddebd7aa2fefc1a88d"
54 | }
55 | ]
56 | },
57 | {
58 | "name:s":"AES-SIV STREAM 1-Block Example with Associated Data (256-bit key)",
59 | "alg:s":"AES-SIV",
60 | "key:d16":"7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f",
61 | "nonce:d16":"09f911029d74e35b",
62 | "blocks:A":[
63 | {
64 | "ad:d16":"00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100",
65 | "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553",
66 | "ciphertext:d16":"4f31ed187786dfd0586bdce37c739eb054e7f84d901244cacea78a99afcec603bfc2e39f3cf0f66c50e7bec15b232b45ab5f81356a5ef309e3afe5abfaa6b4"
67 | }
68 | ]
69 | },
70 | {
71 | "name:s":"AES-SIV STREAM 2-Block Example with Associated Data (256-bit key)",
72 | "alg:s":"AES-SIV",
73 | "key:d16":"7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f",
74 | "nonce:d16":"09f911029d74e35b",
75 | "blocks:A":[
76 | {
77 | "ad:d16":"00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100",
78 | "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553",
79 | "ciphertext:d16":"87ea507ce654490d4db475b06de29ccf8f618a8cfa81af97cfe3a05e69b70373493cae08d9236d358dad18db097a610208712253140730fa3d6e538d00c9f7"
80 | },
81 | {
82 | "ad:d16":"112233445566778899aabbccddeeff",
83 | "plaintext:d16":"d6520706c61696e7465787420746f20656e6372797",
84 | "ciphertext:d16":"acc5b50be1d9e231c2989b5d9e1dbc7d03a66d3c826d4a29c7b097463fa26706306381f937"
85 | }
86 | ]
87 | },
88 | {
89 | "name:s":"AES-PMAC-SIV STREAM 1-Block Example (256-bit key)",
90 | "alg:s":"AES-PMAC-SIV",
91 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
92 | "nonce:d16":"1011121314151617",
93 | "blocks:A":[
94 | {
95 | "ad:d16":"",
96 | "plaintext:d16":"112233445566778899aabbccddee",
97 | "ciphertext:d16":"5cf16b750b037f484ec59355a9e769d9be6cfb06ed6aa9a02ff689e8f808"
98 | }
99 | ]
100 | },
101 | {
102 | "name:s":"AES-PMAC-SIV STREAM 2-Block Example (512-bit key)",
103 | "alg:s":"AES-PMAC-SIV",
104 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f06f6e6d6c6b6a69686766656463626160f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f",
105 | "nonce:d16":"1011121314151617",
106 | "blocks:A":[
107 | {
108 | "ad:d16":"",
109 | "plaintext:d16":"112233445566778899aabbccddee",
110 | "ciphertext:d16":"b6201f96017e8d3653bf1c7c01a1478b377bba019f7389dfcd59c506fb04"
111 | },
112 | {
113 | "ad:d16":"",
114 | "plaintext:d16":"ff00",
115 | "ciphertext:d16":"c8df1c36aeddc26bba9f7e83f8708aa8bf6c"
116 | }
117 | ]
118 | },
119 | {
120 | "name:s":"AES-PMAC-SIV STREAM 3-Block Example (512-bit key)",
121 | "alg:s":"AES-PMAC-SIV",
122 | "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f06f6e6d6c6b6a69686766656463626160f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f",
123 | "nonce:d16":"1011121314151617",
124 | "blocks:A":[
125 | {
126 | "ad:d16":"",
127 | "plaintext:d16":"112233445566778899aabbccddee",
128 | "ciphertext:d16":"b6201f96017e8d3653bf1c7c01a1478b377bba019f7389dfcd59c506fb04"
129 | },
130 | {
131 | "ad:d16":"",
132 | "plaintext:d16":"ff00112233445566778899aa",
133 | "ciphertext:d16":"819f2a2ba293ec5622a0938c3c0b913b0cf874247aa1c101882c3ecd"
134 | },
135 | {
136 | "ad:d16":"",
137 | "plaintext:d16":"bbccddeeff00",
138 | "ciphertext:d16":"e797619830ddf7e42de8d2a8346d06523e8182b2dc92"
139 | }
140 | ]
141 | },
142 | {
143 | "name:s":"AES-PMAC-SIV STREAM 1-Block Example with Associated Data (256-bit key)",
144 | "alg:s":"AES-PMAC-SIV",
145 | "key:d16":"7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f",
146 | "nonce:d16":"09f911029d74e35b",
147 | "blocks:A":[
148 | {
149 | "ad:d16":"00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100",
150 | "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553",
151 | "ciphertext:d16":"e887f8f1c833b167cf8184428ba92ae68c42279bb9d9b83edf8f052c23c22725596db469df0f49f4c5919655f2cbeefa7559c9f0246285e6c6c0c37f74788f"
152 | }
153 | ]
154 | },
155 | {
156 | "name:s":"AES-PMAC-SIV STREAM 2-Block Example with Associated Data (256-bit key)",
157 | "alg:s":"AES-PMAC-SIV",
158 | "key:d16":"7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f",
159 | "nonce:d16":"09f911029d74e35b",
160 | "blocks:A":[
161 | {
162 | "ad:d16":"00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100",
163 | "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553",
164 | "ciphertext:d16":"f10245a692a22fa66bbaded9bd8dd691818c140d3215da02fb419832d40bb7e5bb97bb981a7bf1c53227051446f0054b4492c5fc0e013a3cbbc6ad3c38027c"
165 | },
166 | {
167 | "ad:d16":"112233445566778899aabbccddeeff",
168 | "plaintext:d16":"d6520706c61696e7465787420746f20656e6372797",
169 | "ciphertext:d16":"ebb847fa2b5ffcae9ae906b9562d838ce9b171130075f0ff372f84c25017177617c1828595"
170 | }
171 | ]
172 | }
173 | ]
174 | }
175 |
--------------------------------------------------------------------------------
/vectors/dbl.tjson:
--------------------------------------------------------------------------------
1 | {
2 | "examples:A":[
3 | {
4 | "input:d16":"00000000000000000000000000000000",
5 | "output:d16":"00000000000000000000000000000000"
6 | },
7 | {
8 | "input:d16":"00000000000000000000000000000001",
9 | "output:d16":"00000000000000000000000000000002"
10 | },
11 | {
12 | "input:d16":"ffffffffffffffffffffffffffffffff",
13 | "output:d16":"ffffffffffffffffffffffffffffff79"
14 | },
15 | {
16 | "input:d16":"52a2d82a687330bd45d4edb9f3b06527",
17 | "output:d16":"a545b054d0e6617a8ba9db73e760ca4e"
18 | },
19 | {
20 | "input:d16":"6e56610687fe93be1ef69690067b4b7b",
21 | "output:d16":"dcacc20d0ffd277c3ded2d200cf696f6"
22 | },
23 | {
24 | "input:d16":"d2535bfca5898b81124613fdf94e3d7b",
25 | "output:d16":"a4a6b7f94b131702248c27fbf29c7a71"
26 | },
27 | {
28 | "input:d16":"e84b7dda057e100628860a3cdac155c0",
29 | "output:d16":"d096fbb40afc200c510c1479b582ab07"
30 | }
31 | ]
32 | }
33 |
--------------------------------------------------------------------------------