Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghc-crypton for openSUSE:Factory checked in at 2026-06-10 15:58:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghc-crypton (Old) and /work/SRC/openSUSE:Factory/.ghc-crypton.new.2375 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-crypton" Wed Jun 10 15:58:47 2026 rev:7 rq:1358349 version:1.0.6 Changes: -------- --- /work/SRC/openSUSE:Factory/ghc-crypton/ghc-crypton.changes 2025-04-07 19:15:09.648309162 +0200 +++ /work/SRC/openSUSE:Factory/.ghc-crypton.new.2375/ghc-crypton.changes 2026-06-10 15:59:33.332636665 +0200 @@ -1,0 +2,20 @@ +Sat Jan 24 07:24:24 UTC 2026 - Peter Simons <[email protected]> + +- Update crypton to version 1.0.6. + # CHANGELOG for crypton + + ## 1.0.6 + + * Fix test failures on less common 64-bit arches. + [#65](https://github.com/kazu-yamamoto/crypton/pull/65) + + ## 1.0.5 + + * Setter/Getter for ChaCha counter. + [#63](https://github.com/kazu-yamamoto/crypton/pull/63) + * Add simple interface to generate full blocks + [#60](https://github.com/kazu-yamamoto/crypton/pull/60) + * Avoid `ghc-prim` dependency. + [#61](https://github.com/kazu-yamamoto/crypton/pull/61) + +------------------------------------------------------------------- Old: ---- crypton-1.0.4.tar.gz New: ---- crypton-1.0.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghc-crypton.spec ++++++ --- /var/tmp/diff_new_pack.016fI1/_old 2026-06-10 15:59:36.008747563 +0200 +++ /var/tmp/diff_new_pack.016fI1/_new 2026-06-10 15:59:36.032748557 +0200 @@ -1,7 +1,7 @@ # # spec file for package ghc-crypton # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2026 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -20,7 +20,7 @@ %global pkgver %{pkg_name}-%{version} %bcond_with tests Name: ghc-%{pkg_name} -Version: 1.0.4 +Version: 1.0.6 Release: 0 Summary: Cryptography Primitives sink License: BSD-3-Clause ++++++ crypton-1.0.4.tar.gz -> crypton-1.0.6.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crypton-1.0.4/CHANGELOG.md new/crypton-1.0.6/CHANGELOG.md --- old/crypton-1.0.4/CHANGELOG.md 2001-09-09 03:46:40.000000000 +0200 +++ new/crypton-1.0.6/CHANGELOG.md 2001-09-09 03:46:40.000000000 +0200 @@ -1,3 +1,19 @@ +# CHANGELOG for crypton + +## 1.0.6 + +* Fix test failures on less common 64-bit arches. + [#65](https://github.com/kazu-yamamoto/crypton/pull/65) + +## 1.0.5 + +* Setter/Getter for ChaCha counter. + [#63](https://github.com/kazu-yamamoto/crypton/pull/63) +* Add simple interface to generate full blocks + [#60](https://github.com/kazu-yamamoto/crypton/pull/60) +* Avoid `ghc-prim` dependency. + [#61](https://github.com/kazu-yamamoto/crypton/pull/61) + ## 1.0.4 * Ed448.sign: avoid extra re-derive of public key. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crypton-1.0.4/Crypto/Cipher/ChaCha.hs new/crypton-1.0.6/Crypto/Cipher/ChaCha.hs --- old/crypton-1.0.4/Crypto/Cipher/ChaCha.hs 2001-09-09 03:46:40.000000000 +0200 +++ new/crypton-1.0.6/Crypto/Cipher/ChaCha.hs 2001-09-09 03:46:40.000000000 +0200 @@ -1,3 +1,4 @@ +{-# LANGUAGE CApiFFI #-} {-# LANGUAGE ForeignFunctionInterface #-} {-# LANGUAGE GeneralizedNewtypeDeriving #-} @@ -18,6 +19,10 @@ initializeSimple, generateSimple, StateSimple, + + -- * Seeking and cursor for DRG purposes + generateSimpleBlock, + ChaChaState (..), ) where import Crypto.Internal.ByteArray ( 
@@ -39,8 +44,57 @@ newtype StateSimple = StateSimple ScrubbedBytes -- just ChaCha's state deriving (NFData) +class ChaChaState a where + getCounter64 :: a -> Word64 + setCounter64 :: Word64 -> a -> a + getCounter32 :: a -> Word32 + setCounter32 :: Word32 -> a -> a + +instance ChaChaState State where + getCounter64 (State st) = getCounter64' st ccrypton_chacha_get_state + setCounter64 n (State st) = State $ setCounter64' n st ccrypton_chacha_get_state + getCounter32 (State st) = getCounter32' st ccrypton_chacha_get_state + setCounter32 n (State st) = State $ setCounter32' n st ccrypton_chacha_get_state + +instance ChaChaState StateSimple where + getCounter64 (StateSimple st) = getCounter64' st id + setCounter64 n (StateSimple st) = StateSimple $ setCounter64' n st id + getCounter32 (StateSimple st) = getCounter32' st id + setCounter32 n (StateSimple st) = StateSimple $ setCounter32' n st id + +getCounter64' :: ScrubbedBytes -> (Ptr a -> Ptr StateSimple) -> Word64 +getCounter64' currSt conv = + unsafeDoIO $ do + B.withByteArray currSt $ \stPtr -> + ccrypton_chacha_counter64 $ conv stPtr + +getCounter32' :: ScrubbedBytes -> (Ptr a -> Ptr StateSimple) -> Word32 +getCounter32' currSt conv = + unsafeDoIO $ do + B.withByteArray currSt $ \stPtr -> + ccrypton_chacha_counter32 $ conv stPtr + +setCounter64' + :: Word64 -> ScrubbedBytes -> (Ptr a -> Ptr StateSimple) -> ScrubbedBytes +setCounter64' newCounter prevSt conv = + unsafeDoIO $ do + newSt <- B.copy prevSt (\_ -> return ()) + B.withByteArray newSt $ \stPtr -> + ccrypton_chacha_set_counter64 (conv stPtr) newCounter + return newSt + +setCounter32' + :: Word32 -> ScrubbedBytes -> (Ptr a -> Ptr StateSimple) -> ScrubbedBytes +setCounter32' newCounter prevSt conv = + unsafeDoIO $ do + newSt <- B.copy prevSt (\_ -> return ()) + B.withByteArray newSt $ \stPtr -> + ccrypton_chacha_set_counter32 (conv stPtr) newCounter + return newSt + -- | Initialize a new ChaCha context with the number of rounds, -- the key and the nonce 
associated. +-- To use ChaCha20 defined in RFC 8439, 20, 256bits-key and 96-bits nonce must be used. initialize :: (ByteArrayAccess key, ByteArrayAccess nonce) => Int @@ -163,15 +217,31 @@ ccrypton_chacha_random 8 dstPtr stPtr (fromIntegral nbBytes) return (output, StateSimple newSt) -foreign import ccall "crypton_chacha_init_core" +-- | similar to 'generate' but accepts a number of rounds, and always generates +-- 64 bytes (a single block) +generateSimpleBlock + :: ByteArray ba + => Word8 + -> StateSimple + -> (ba, StateSimple) +generateSimpleBlock nbRounds (StateSimple prevSt) + | nbRounds `notElem` [8, 12, 20] = error "ChaCha: rounds should be 8, 12 or 20" + | otherwise = unsafeDoIO $ do + newSt <- B.copy prevSt (\_ -> return ()) + output <- B.alloc 64 $ \dstPtr -> + B.withByteArray newSt $ \stPtr -> + ccrypton_chacha_generate_simple_block dstPtr stPtr nbRounds + return (output, StateSimple newSt) + +foreign import ccall unsafe "crypton_chacha_init_core" ccrypton_chacha_init_core :: Ptr StateSimple -> Int -> Ptr Word8 -> Int -> Ptr Word8 -> IO () -foreign import ccall "crypton_chacha_init" +foreign import ccall unsafe "crypton_chacha_init" ccrypton_chacha_init :: Ptr State -> Int -> Int -> Ptr Word8 -> Int -> Ptr Word8 -> IO () -foreign import ccall "crypton_xchacha_init" +foreign import ccall unsafe "crypton_xchacha_init" ccrypton_xchacha_init :: Ptr State -> Int -> Ptr Word8 -> Ptr Word8 -> IO () foreign import ccall "crypton_chacha_combine" 
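Review bot: `setCounter64` and `setCounter32` on `State` only rewrite the counter words reached through `ccrypton_chacha_get_state`, so keystream bytes the C context has buffered (`prev_len`/`prev_ofs`, set in `crypton_chacha_combine` and `crypton_chacha_generate`) stay in place after a seek. If those functions drain the buffer before producing a new block, as their "copy the left over in the buffer" comments suggest, the first bytes after a seek would still come from the old position; the draining code is outside this diff, so this needs confirming. The class also has no Haddock, and I would add above it `-- | Read or reposition the block counter. Moving the counter back to a value already used with the same key and nonce reproduces the same keystream, so never encrypt new data after doing so.`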
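Review bot: The Haddock on `generateSimpleBlock` refers to 'generate', but the function takes and returns a `StateSimple` like `generateSimple`, and it does not say that an unsupported round count reaches `error` from pure code. I would reword it to `-- | Like 'generateSimple', but takes the number of rounds (8, 12 or 20; any other value calls 'error') and always produces exactly one 64-byte block, advancing the counter by one.` The context line above shows `generateSimple` passing a fixed 8 to `ccrypton_chacha_random`, so a caller that mixes both functions on one state gets different round counts unless it passes 8 here too; that is worth a sentence in the comment as well.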
@@ -182,3 +252,22 @@ foreign import ccall "crypton_chacha_random" ccrypton_chacha_random :: Int -> Ptr Word8 -> Ptr StateSimple -> CUInt -> IO () + +foreign import ccall unsafe "crypton_chacha_counter64" + ccrypton_chacha_counter64 :: Ptr StateSimple -> IO Word64 + +foreign import ccall unsafe "crypton_chacha_set_counter64" + ccrypton_chacha_set_counter64 :: Ptr StateSimple -> Word64 -> IO () + +foreign import ccall unsafe "crypton_chacha_counter32" + ccrypton_chacha_counter32 :: Ptr StateSimple -> IO Word32 + +foreign import ccall unsafe "crypton_chacha_set_counter32" + ccrypton_chacha_set_counter32 :: Ptr StateSimple -> Word32 -> IO () + +foreign import ccall unsafe "crypton_chacha_generate_simple_block" + ccrypton_chacha_generate_simple_block + :: Ptr Word8 -> Ptr StateSimple -> Word8 -> IO () + +foreign import capi unsafe "crypton_chacha.h crypton_chacha_get_state" + ccrypton_chacha_get_state :: Ptr State -> Ptr StateSimple diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crypton-1.0.4/Crypto/Cipher/ChaChaPoly1305.hs new/crypton-1.0.6/Crypto/Cipher/ChaChaPoly1305.hs --- old/crypton-1.0.4/Crypto/Cipher/ChaChaPoly1305.hs 2001-09-09 03:46:40.000000000 +0200 +++ new/crypton-1.0.6/Crypto/Cipher/ChaChaPoly1305.hs 2001-09-09 03:46:40.000000000 +0200 @@ -6,7 +6,7 @@ -- Portability : good -- -- A simple AEAD scheme using ChaCha20 and Poly1305. See --- <https://tools.ietf.org/html/rfc7539 RFC 7539>. +-- <https://tools.ietf.org/html/rfc8439 RFC 8439>. -- -- The State is not modified in place, so each function changing the State, -- returns a new State. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crypton-1.0.4/Crypto/Cipher/Types/AEAD.hs new/crypton-1.0.6/Crypto/Cipher/Types/AEAD.hs --- old/crypton-1.0.4/Crypto/Cipher/Types/AEAD.hs 2001-09-09 03:46:40.000000000 +0200 +++ new/crypton-1.0.6/Crypto/Cipher/Types/AEAD.hs 2001-09-09 03:46:40.000000000 +0200 
@@ -19,42 +19,46 @@ -- | AEAD Implementation data AEADModeImpl st = AEADModeImpl { aeadImplAppendHeader :: forall ba. ByteArrayAccess ba => st -> ba -> st + -- ^ Adding associated\/additional data to the AEAD context. , aeadImplEncrypt :: forall ba. ByteArray ba => st -> ba -> (ba, st) + -- ^ Encrypiting plaintext and update the AEAD context. , aeadImplDecrypt :: forall ba. ByteArray ba => st -> ba -> (ba, st) + -- ^ Decrypting ciphertext and update the AEAD context. , aeadImplFinalize :: st -> Int -> AuthTag + -- ^ Finalizing the AEAD context and returning the authentication tag. } --- | Authenticated Encryption with Associated Data algorithms +-- | Algorithm and context for AEAD(Authenticated Encryption with Associated\/Additional Data) data AEAD cipher = forall st. AEAD { aeadModeImpl :: AEADModeImpl st , aeadState :: !st } --- | Append some header information to an AEAD context +-- | Adding associated\/additional data to the AEAD context. aeadAppendHeader :: ByteArrayAccess aad => AEAD cipher -> aad -> AEAD cipher aeadAppendHeader (AEAD impl st) aad = AEAD impl $ aeadImplAppendHeader impl st aad --- | Encrypt some data and update the AEAD context +-- | Encrypting plaintext and update the AEAD context. aeadEncrypt :: ByteArray ba => AEAD cipher -> ba -> (ba, AEAD cipher) aeadEncrypt (AEAD impl st) ba = second (AEAD impl) $ aeadImplEncrypt impl st ba --- | Decrypt some data and update the AEAD context +-- | Decrypting ciphertext and update the AEAD context. aeadDecrypt :: ByteArray ba => AEAD cipher -> ba -> (ba, AEAD cipher) aeadDecrypt (AEAD impl st) ba = second (AEAD impl) $ aeadImplDecrypt impl st ba --- | Finalize the AEAD context and return the authentication tag +-- | Finalizing the AEAD context and returning the authentication tag. aeadFinalize :: AEAD cipher -> Int -> AuthTag aeadFinalize (AEAD impl st) = aeadImplFinalize impl st --- | Simple AEAD encryption +-- | Simple AEAD encryption. 
aeadSimpleEncrypt :: (ByteArrayAccess aad, ByteArray ba) => AEAD a - -- ^ A new AEAD Context + -- ^ An AEAD Context -> aad - -- ^ Optional Authentication data header + -- ^ Associated\/additional data -> ba - -- ^ Optional Plaintext + -- ^ Plaintext -> Int -- ^ Tag length -> (AuthTag, ba) @@ -65,13 +69,13 @@ (output, aeadFinal) = aeadEncrypt aead input tag = aeadFinalize aeadFinal taglen --- | Simple AEAD decryption +-- | Simple AEAD decryptio. aeadSimpleDecrypt :: (ByteArrayAccess aad, ByteArray ba) => AEAD a - -- ^ A new AEAD Context + -- ^ An AEAD Context -> aad - -- ^ Optional Authentication data header + -- ^ Associated\/additional data -> ba -- ^ Ciphertext -> AuthTag diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crypton-1.0.4/Crypto/Internal/CompatPrim.hs new/crypton-1.0.6/Crypto/Internal/CompatPrim.hs --- old/crypton-1.0.4/Crypto/Internal/CompatPrim.hs 2001-09-09 03:46:40.000000000 +0200 +++ new/crypton-1.0.6/Crypto/Internal/CompatPrim.hs 2001-09-09 03:46:40.000000000 +0200 @@ -28,9 +28,9 @@ #endif #if __GLASGOW_HASKELL__ >= 902 -import GHC.Prim +import GHC.Exts #else -import GHC.Prim hiding (Word32#) +import GHC.Exts hiding (Word32#) type Word32# = Word# #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crypton-1.0.4/Crypto/Internal/Endian.hs new/crypton-1.0.6/Crypto/Internal/Endian.hs --- old/crypton-1.0.4/Crypto/Internal/Endian.hs 1970-01-01 01:00:00.000000000 +0100 +++ new/crypton-1.0.6/Crypto/Internal/Endian.hs 2001-09-09 03:46:40.000000000 +0200 
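Review bot: The rewritten Haddock for `aeadDecrypt` and `aeadImplDecrypt` still does not tell callers that the bytes they return are unauthenticated until the tag from `aeadFinalize` has been compared with the received one. Since `aeadDecrypt` hands back `(ba, AEAD cipher)` with no tag check of its own, I would add `-- The returned plaintext must not be used until the tag from 'aeadFinalize' has been verified.` to both. Two of the new comments also carry typos: `-- ^ Encrypiting plaintext and update the AEAD context.` should read `Encrypting`, and in the next hunk (`@@ -65,13 +69,13 @@`) `-- | Simple AEAD decryptio.` should read `decryption.`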
@@ -0,0 +1,43 @@ +{-# LANGUAGE CPP #-} + +-- | +-- Module : Crypto.Internal.Endian +-- License : BSD-style +-- Maintainer : Vincent Hanquez <[email protected]> +-- Stability : stable +-- Portability : good +module Crypto.Internal.Endian ( + fromBE64, + toBE64, + fromLE64, + toLE64, +) where + +import Crypto.Internal.Compat (byteSwap64) +import Data.Word (Word64) + +#ifdef ARCH_IS_LITTLE_ENDIAN +fromLE64 :: Word64 -> Word64 +fromLE64 = id + +toLE64 :: Word64 -> Word64 +toLE64 = id + +fromBE64 :: Word64 -> Word64 +fromBE64 = byteSwap64 + +toBE64 :: Word64 -> Word64 +toBE64 = byteSwap64 +#else +fromLE64 :: Word64 -> Word64 +fromLE64 = byteSwap64 + +toLE64 :: Word64 -> Word64 +toLE64 = byteSwap64 + +fromBE64 :: Word64 -> Word64 +fromBE64 = id + +toBE64 :: Word64 -> Word64 +toBE64 = id +#endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crypton-1.0.4/Crypto/Internal/WordArray.hs new/crypton-1.0.6/Crypto/Internal/WordArray.hs --- old/crypton-1.0.4/Crypto/Internal/WordArray.hs 2001-09-09 03:46:40.000000000 +0200 +++ new/crypton-1.0.6/Crypto/Internal/WordArray.hs 2001-09-09 03:46:40.000000000 +0200 @@ -38,8 +38,7 @@ import Crypto.Internal.CompatPrim import Data.Bits (xor) import Data.Word -import GHC.Prim -import GHC.Types +import GHC.Base import GHC.Word -- | Array of Word8 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crypton-1.0.4/Crypto/PubKey/RSA/PKCS15.hs new/crypton-1.0.6/Crypto/PubKey/RSA/PKCS15.hs --- old/crypton-1.0.4/Crypto/PubKey/RSA/PKCS15.hs 2001-09-09 03:46:40.000000000 +0200 +++ new/crypton-1.0.6/Crypto/PubKey/RSA/PKCS15.hs 2001-09-09 03:46:40.000000000 +0200 
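Review bot: `Crypto.Internal.Endian` chooses its byte order purely from `ARCH_IS_LITTLE_ENDIAN`, and the cabal hunk at `@@ -300,52 +302,51 @@` defines that macro for i386, x86_64, loongarch64, ppc64le, riscv64 and alpha but not for aarch64, so on a little-endian aarch64 build the `#else` branch makes `fromLE64` and `toLE64` swap bytes. Whether any caller reaches these functions on aarch64 is not visible in this diff, so this should be confirmed against the users of the module. Deriving the choice from `targetByteOrder` in `GHC.ByteOrder` (available under the `base >=4.13` bound) would remove the dependency on a hand-kept arch list, e.g. `fromLE64 = case targetByteOrder of LittleEndian -> id; BigEndian -> byteSwap64`. The four exports would also benefit from a one-line Haddock each stating which direction they convert.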
@@ -421,7 +421,9 @@ => Maybe hashAlg -> PublicKey -> ByteString + -- ^ Message -> ByteString + -- ^ Signature -> Bool verify hashAlg pk m sm = case makeSignature hashAlg (public_size pk) m of diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crypton-1.0.4/cbits/crypton_chacha.c new/crypton-1.0.6/cbits/crypton_chacha.c --- old/crypton-1.0.4/cbits/crypton_chacha.c 2001-09-09 03:46:40.000000000 +0200 +++ new/crypton-1.0.6/cbits/crypton_chacha.c 2001-09-09 03:46:40.000000000 +0200 @@ -260,9 +260,12 @@ for (; bytes >= 64; bytes -= 64, src += 64, dst += 64) { /* generate new chunk and update state */ chacha_core(ctx->nb_rounds, &out, st); - st->d[12] += 1; - if (st->d[12] == 0) - st->d[13] += 1; + uint32_t t0 = le32_to_cpu(st->d[12]); + st->d[12] = cpu_to_le32(t0 + 1); + if (st->d[12] == 0) { + uint32_t t1 = le32_to_cpu(st->d[13]); + st->d[13] = cpu_to_le32(t1 + 1); + } for (i = 0; i < 64; ++i) dst[i] = src[i] ^ out.b[i]; @@ -271,14 +274,17 @@ if (bytes > 0) { /* generate new chunk and update state */ chacha_core(ctx->nb_rounds, &out, st); - st->d[12] += 1; - if (st->d[12] == 0) - st->d[13] += 1; + uint32_t t0 = le32_to_cpu(st->d[12]); + st->d[12] = cpu_to_le32(t0 + 1); + if (st->d[12] == 0) { + uint32_t t1 = le32_to_cpu(st->d[13]); + st->d[13] = cpu_to_le32(t1 + 1); + } /* xor as much as needed */ for (i = 0; i < bytes; i++) dst[i] = src[i] ^ out.b[i]; - + /* copy the left over in the buffer */ ctx->prev_len = 64 - bytes; ctx->prev_ofs = i; 
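Review bot: The six-line counter increment is now repeated verbatim wherever a block is produced: both hunks here in `crypton_chacha_combine`, the three in `crypton_chacha_generate` (`@@ -319,18 +360,24 @@` and `@@ -340,14 +387,17 @@`), and `crypton_chacha_generate_simple_block`. That makes it easy for a later endianness or carry fix to miss one copy. A small static helper keeps the conversion in one place, and it can test the carry on the host-order value rather than on the stored word, which reads more clearly even though zero is identical in both byte orders. The enclosing functions start and end outside these hunks.

```c
/* Advance the block counter stored little-endian in d[12] (low word),
 * carrying into d[13] (high word) on wrap-around. */
static inline void chacha_increment_counter(crypton_chacha_state *st)
{
	uint32_t lo = le32_to_cpu(st->d[12]) + 1;

	st->d[12] = cpu_to_le32(lo);
	if (lo == 0)
		st->d[13] = cpu_to_le32(le32_to_cpu(st->d[13]) + 1);
}

/* … unchanged: chacha_core(ctx->nb_rounds, &out, st); … */
chacha_increment_counter(st);
```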
@@ -288,6 +294,41 @@ } } +uint64_t crypton_chacha_counter64(crypton_chacha_state *st) +{ + uint64_t result = ((uint64_t) le32_to_cpu(st->d[12])) + | (((uint64_t) le32_to_cpu(st->d[13])) << 32); + return result; +} + +uint32_t crypton_chacha_counter32(crypton_chacha_state *st) +{ + return le32_to_cpu(st->d[12]); +} + +void crypton_chacha_set_counter64(crypton_chacha_state *st, uint64_t block_counter) +{ + uint64_t current_counter; + current_counter = ((uint64_t) le32_to_cpu(st->d[12])) + | (((uint64_t) le32_to_cpu(st->d[13])) << 32); + + if (current_counter == block_counter) + return; + + st->d[12] = cpu_to_le32((uint32_t) block_counter); + st->d[13] = cpu_to_le32((uint32_t) (block_counter >> 32)); +} + +void crypton_chacha_set_counter32(crypton_chacha_state *st, uint32_t block_counter) +{ + uint32_t current_counter = le32_to_cpu(st->d[12]); + + if (current_counter == block_counter) + return; + + st->d[12] = cpu_to_le32(block_counter); +} + void crypton_chacha_generate(uint8_t *dst, crypton_chacha_context *ctx, uint32_t bytes) { crypton_chacha_state *st; @@ -319,18 +360,24 @@ for (; bytes >= 64; bytes -= 64, dst += 64) { /* generate new chunk and update state */ chacha_core(ctx->nb_rounds, (block *) dst, st); - st->d[12] += 1; - if (st->d[12] == 0) - st->d[13] += 1; + uint32_t t0 = le32_to_cpu(st->d[12]); + st->d[12] = cpu_to_le32(t0 + 1); + if (st->d[12] == 0) { + uint32_t t1 = le32_to_cpu(st->d[13]); + st->d[13] = cpu_to_le32(t1 + 1); + } } } else { /* xor new 64-bytes chunks and store the left over if any */ for (; bytes >= 64; bytes -= 64, dst += 64) { /* generate new chunk and update state */ chacha_core(ctx->nb_rounds, &out, st); - st->d[12] += 1; - if (st->d[12] == 0) - st->d[13] += 1; + uint32_t t0 = le32_to_cpu(st->d[12]); + st->d[12] = cpu_to_le32(t0 + 1); + if (st->d[12] == 0) { + uint32_t t1 = le32_to_cpu(st->d[13]); + st->d[13] = cpu_to_le32(t1 + 1); + } for (i = 0; i < 64; ++i) dst[i] = out.b[i]; 
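Review bot: `crypton_chacha_set_counter64` always overwrites `d[13]`, and none of the four new functions has a comment saying which state layouts that is valid for. If a state initialised with a 96-bit nonce keeps its first nonce word in `d[13]` (the init code is not part of this diff, so this is an assumption to confirm), calling the 64-bit setter on it would silently change the nonce. I would add a header comment such as `/* 64-bit counter variant: only for states set up with a 64-bit nonce; use crypton_chacha_set_counter32 with a 96-bit nonce */`. The two getters only read the state, so they could take `const crypton_chacha_state *st`.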
@@ -340,14 +387,17 @@ if (bytes > 0) { /* generate new chunk and update state */ chacha_core(ctx->nb_rounds, &out, st); - st->d[12] += 1; - if (st->d[12] == 0) - st->d[13] += 1; + uint32_t t0 = le32_to_cpu(st->d[12]); + st->d[12] = cpu_to_le32(t0 + 1); + if (st->d[12] == 0) { + uint32_t t1 = le32_to_cpu(st->d[13]); + st->d[13] = cpu_to_le32(t1 + 1); + } /* xor as much as needed */ for (i = 0; i < bytes; i++) dst[i] = out.b[i]; - + /* copy the left over in the buffer */ ctx->prev_len = 64 - bytes; ctx->prev_ofs = i; @@ -356,6 +406,27 @@ } } +void crypton_chacha_generate_simple_block(uint8_t *dst, crypton_chacha_state *st, uint8_t rounds) +{ + if (ALIGNED64(dst)) { + chacha_core(rounds, (block *) dst, st); + } else { + block out; + int i; + chacha_core(rounds, &out, st); + for (i = 0; i < 64; ++i) { + dst[i] = out.b[i]; + } + } + + uint32_t t0 = le32_to_cpu(st->d[12]); + st->d[12] = cpu_to_le32(t0 + 1); + if (st->d[12] == 0) { + uint32_t t1 = le32_to_cpu(st->d[13]); + st->d[13] = cpu_to_le32(t1 + 1); + } +} + void crypton_chacha_random(uint32_t rounds, uint8_t *dst, crypton_chacha_state *st, uint32_t bytes) { block out; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crypton-1.0.4/cbits/crypton_chacha.h new/crypton-1.0.6/cbits/crypton_chacha.h --- old/crypton-1.0.4/cbits/crypton_chacha.h 2001-09-09 03:46:40.000000000 +0200 +++ new/crypton-1.0.6/cbits/crypton_chacha.h 2001-09-09 03:46:40.000000000 +0200 
@@ -51,5 +51,10 @@ void crypton_xchacha_init(crypton_chacha_context *ctx, uint8_t nb_rounds, const uint8_t *key, const uint8_t *iv); void crypton_chacha_combine(uint8_t *dst, crypton_chacha_context *st, const uint8_t *src, uint32_t bytes); void crypton_chacha_generate(uint8_t *dst, crypton_chacha_context *st, uint32_t bytes); - +uint64_t crypton_chacha_counter64(crypton_chacha_state *st); +uint32_t crypton_chacha_counter32(crypton_chacha_state *st); +void crypton_chacha_set_counter64(crypton_chacha_state *st, uint64_t block_counter); +void crypton_chacha_set_counter32(crypton_chacha_state *st, uint32_t block_counter); +void crypton_chacha_generate_simple_block(uint8_t *dst, crypton_chacha_state *st, uint8_t rounds); +#define crypton_chacha_get_state(context) (&((crypton_chacha_context *) context)->st) #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crypton-1.0.4/cbits/decaf/include/word.h new/crypton-1.0.6/cbits/decaf/include/word.h --- old/crypton-1.0.4/cbits/decaf/include/word.h 2001-09-09 03:46:40.000000000 +0200 +++ new/crypton-1.0.6/cbits/decaf/include/word.h 2001-09-09 03:46:40.000000000 +0200 
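Review bot: The macro argument in `crypton_chacha_get_state` is used without parentheses, so an argument such as `p + 1` would be cast before the addition is applied. I would write it as `#define crypton_chacha_get_state(context) (&((crypton_chacha_context *)(context))->st)`. The cast also accepts any pointer type without a diagnostic; a `static inline` function taking `crypton_chacha_context *` would keep the type check, and the `capi` import on the Haskell side should work with either form.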
@@ -151,7 +151,7 @@ br_set_to_mask(mask_t x) { return vdupq_n_u32(x); } -#elif __amd64__ || __X86_64__ || __aarch64__ /* || _WIN64 -> WIN64 does not support int128 so force the build on arch32 default so do not use this define for _WIN64*/ +#elif __amd64__ || __X86_64__ || __aarch64__ || __loongarch_lp64 || __PPC64__ || __riscv || __s390x__ || __alpha__ || __powerpc64__ || (__sparc__ && __arch64__) /* || _WIN64 -> WIN64 does not support int128 so force the build on arch32 default so do not use this define for _WIN64*/ #define VECTOR_ALIGNED __attribute__((aligned(8))) typedef uint64_t big_register_t, uint64xn_t; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crypton-1.0.4/crypton.cabal new/crypton-1.0.6/crypton.cabal --- old/crypton-1.0.4/crypton.cabal 2001-09-09 03:46:40.000000000 +0200 +++ new/crypton-1.0.6/crypton.cabal 2001-09-09 03:46:40.000000000 +0200 @@ -1,13 +1,13 @@ cabal-version: 1.18 name: crypton -version: 1.0.4 +version: 1.0.6 license: BSD3 license-file: LICENSE copyright: Vincent Hanquez <[email protected]> maintainer: Kazu Yamamoto <[email protected]> author: Vincent Hanquez <[email protected]> stability: experimental -tested-with: ghc ==9.2.2 ghc ==9.0.2 ghc ==8.10.7 ghc ==8.8.4 +tested-with: GHC ==8.8.4 || ==8.10.7 || ==9.0.2 || ==9.2.2 homepage: https://github.com/kazu-yamamoto/crypton bug-reports: https://github.com/kazu-yamamoto/crypton/issues synopsis: Cryptography Primitives sink 
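Review bot: `__riscv` is defined by RISC-V compilers for both 32-bit and 64-bit targets, so the extended `#elif` would select the 64-bit `big_register_t` branch on riscv32. The cabal file in this same commit treats only `arch(riscv64)` as 64-bit and otherwise uses `cbits/decaf/include/arch_32`, so the two would disagree on such a target. Narrowing the term to `(__riscv && __riscv_xlen == 64)` keeps the header and the build description in step.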
@@ -41,29 +41,29 @@ extra-source-files: cbits/*.h cbits/aes/*.h - cbits/ed25519/*.h + cbits/aes/x86ni_impl.c + cbits/argon2/*.c + cbits/argon2/*.h + cbits/blake2/ref/*.h + cbits/blake2/sse/*.h + cbits/crypton_hash_prefix.c + cbits/decaf/ed448goldilocks/decaf.c + cbits/decaf/ed448goldilocks/decaf_tables.c cbits/decaf/include/*.h - cbits/decaf/include/decaf/*.h cbits/decaf/include/arch_32/*.h cbits/decaf/include/arch_ref64/*.h + cbits/decaf/include/decaf/*.h + cbits/decaf/p448/*.h cbits/decaf/p448/arch_32/*.h cbits/decaf/p448/arch_ref64/*.h - cbits/decaf/p448/*.h - cbits/decaf/ed448goldilocks/decaf_tables.c - cbits/decaf/ed448goldilocks/decaf.c + cbits/ed25519/*.h cbits/include32/p256/*.h cbits/include64/p256/*.h - cbits/blake2/ref/*.h - cbits/blake2/sse/*.h - cbits/argon2/*.h - cbits/argon2/*.c - cbits/aes/x86ni_impl.c - cbits/crypton_hash_prefix.c tests/*.hs extra-doc-files: - README.md CHANGELOG.md + README.md source-repository head type: git 
@@ -121,12 +121,13 @@ manual: True library + -- cabal-fmt: expand . -CHANGELOG -CONTRIBUTING -Crypto.Math.Polynomial -Crypto.Random.Entropy.RDRand -Crypto.Random.Entropy.Unix -Crypto.Random.Entropy.Windows -LICENSE -Makefile -QA -README -Setup -Crypto.Cipher.Blowfish.Box -Crypto.Cipher.Blowfish.Primitive -Crypto.Cipher.CAST5.Primitive -Crypto.Cipher.Camellia.Primitive -Crypto.Cipher.DES.Primitive -Crypto.Cipher.Twofish.Primitive -Crypto.Cipher.Types.AEAD -Crypto.Cipher.Types.Base -Crypto.Cipher.Types.Block -Crypto.Cipher.Types.GF -Crypto.Cipher.Types.Stream -Crypto.Cipher.Types.Utils -Crypto.ECC.Simple.Prim -Crypto.ECC.Simple.Types -Crypto.Error.Types -Crypto.Hash.Blake2 -Crypto.Hash.Blake2b -Crypto.Hash.Blake2bp -Crypto.Hash.Blake2s -Crypto.Hash.Blake2sp -Crypto.Hash.Keccak -Crypto.Hash.MD2 -Crypto.Hash.MD4 -Crypto.Hash.MD5 -Crypto.Hash.RIPEMD160 -Crypto.Hash.SHA1 -Crypto.Hash.SHA224 -Crypto.Hash.SHA256 -Crypto.Hash.SHA3 -Crypto.Hash.SHA384 -Crypto.Hash.SHA512 -Crypto.Hash.SHA512t -Crypto.Hash.SHAKE -Crypto.Hash.Skein256 -Crypto.Hash.Skein512 -Crypto.Hash.Tiger -Crypto.Hash.Types -Crypto.Hash.Whirlpool -Crypto.Internal.Builder -Crypto.Internal.ByteArray -Crypto.Internal.Compat -Crypto.Internal.CompatPrim -Crypto.Internal.DeepSeq -Crypto.Internal.Endian -Crypto.Internal.Imports -Crypto.Internal.Nat -Crypto.Internal.WordArray -Crypto.Internal.Words -Crypto.Number.Compat -Crypto.PubKey.ElGamal -Crypto.PubKey.Internal -Crypto.Random.ChaChaDRG -Crypto.Random.Entropy.Backend -Crypto.Random.Entropy.Source -Crypto.Random.HmacDRG -Crypto.Random.Probabilistic -Crypto.Random.SystemDRG -Crypto.Cipher.AES.Primitive exposed-modules: Crypto.Cipher.AES Crypto.Cipher.AESGCMSIV Crypto.Cipher.Blowfish - Crypto.Cipher.CAST5 Crypto.Cipher.Camellia + Crypto.Cipher.CAST5 Crypto.Cipher.ChaCha Crypto.Cipher.ChaChaPoly1305 Crypto.Cipher.DES 
@@ -143,11 +144,20 @@ Crypto.ECC Crypto.ECC.Edwards25519 Crypto.Error + Crypto.Hash + Crypto.Hash.Algorithms + Crypto.Hash.IO + Crypto.KDF.Argon2 + Crypto.KDF.BCrypt + Crypto.KDF.BCryptPBKDF + Crypto.KDF.HKDF + Crypto.KDF.PBKDF2 + Crypto.KDF.Scrypt Crypto.MAC.CMAC - Crypto.MAC.Poly1305 Crypto.MAC.HMAC Crypto.MAC.KeyedBlake2 Crypto.MAC.KMAC + Crypto.MAC.Poly1305 Crypto.Number.Basic Crypto.Number.F2m Crypto.Number.Generate 
@@ -155,91 +165,51 @@ Crypto.Number.Nat Crypto.Number.Prime Crypto.Number.Serialize - Crypto.Number.Serialize.LE Crypto.Number.Serialize.Internal Crypto.Number.Serialize.Internal.LE - Crypto.KDF.Argon2 - Crypto.KDF.PBKDF2 - Crypto.KDF.Scrypt - Crypto.KDF.BCrypt - Crypto.KDF.BCryptPBKDF - Crypto.KDF.HKDF - Crypto.Hash - Crypto.Hash.IO - Crypto.Hash.Algorithms + Crypto.Number.Serialize.LE Crypto.OTP Crypto.PubKey.Curve25519 Crypto.PubKey.Curve448 - Crypto.PubKey.MaskGenFunction Crypto.PubKey.DH Crypto.PubKey.DSA - Crypto.PubKey.ECC.Generate - Crypto.PubKey.ECC.Prim Crypto.PubKey.ECC.DH Crypto.PubKey.ECC.ECDSA + Crypto.PubKey.ECC.Generate Crypto.PubKey.ECC.P256 + Crypto.PubKey.ECC.Prim Crypto.PubKey.ECC.Types Crypto.PubKey.ECDSA Crypto.PubKey.ECIES Crypto.PubKey.Ed25519 Crypto.PubKey.Ed448 Crypto.PubKey.EdDSA + Crypto.PubKey.MaskGenFunction + Crypto.PubKey.Rabin.Basic + Crypto.PubKey.Rabin.Modified + Crypto.PubKey.Rabin.OAEP + Crypto.PubKey.Rabin.RW + Crypto.PubKey.Rabin.Types Crypto.PubKey.RSA + Crypto.PubKey.RSA.OAEP Crypto.PubKey.RSA.PKCS15 Crypto.PubKey.RSA.Prim Crypto.PubKey.RSA.PSS - Crypto.PubKey.RSA.OAEP Crypto.PubKey.RSA.Types - Crypto.PubKey.Rabin.OAEP - Crypto.PubKey.Rabin.Basic - Crypto.PubKey.Rabin.Modified - Crypto.PubKey.Rabin.RW - Crypto.PubKey.Rabin.Types Crypto.Random - Crypto.Random.Types Crypto.Random.Entropy - Crypto.Random.EntropyPool Crypto.Random.Entropy.Unsafe + Crypto.Random.EntropyPool + Crypto.Random.Types Crypto.System.CPU Crypto.Tutorial - cc-options: -std=gnu99 - c-sources: - cbits/crypton_chacha.c - cbits/crypton_salsa.c - cbits/crypton_xsalsa.c - cbits/crypton_rc4.c - cbits/crypton_cpu.c - cbits/p256/p256.c - cbits/p256/p256_ec.c - cbits/crypton_blake2s.c - cbits/crypton_blake2sp.c - cbits/crypton_blake2b.c - cbits/crypton_blake2bp.c - cbits/crypton_poly1305.c - cbits/crypton_sha1.c - cbits/crypton_sha256.c - cbits/crypton_sha512.c - cbits/crypton_sha3.c - cbits/crypton_md2.c - cbits/crypton_md4.c - cbits/crypton_md5.c - 
cbits/crypton_ripemd.c - cbits/crypton_skein256.c - cbits/crypton_skein512.c - cbits/crypton_tiger.c - cbits/crypton_whirlpool.c - cbits/crypton_scrypt.c - cbits/crypton_pbkdf2.c - cbits/ed25519/ed25519.c - cbits/argon2/argon2.c - other-modules: Crypto.Cipher.AES.Primitive Crypto.Cipher.Blowfish.Box Crypto.Cipher.Blowfish.Primitive - Crypto.Cipher.CAST5.Primitive Crypto.Cipher.Camellia.Primitive + Crypto.Cipher.CAST5.Primitive Crypto.Cipher.DES.Primitive Crypto.Cipher.Twofish.Primitive Crypto.Cipher.Types.AEAD 
@@ -248,50 +218,82 @@ Crypto.Cipher.Types.GF Crypto.Cipher.Types.Stream Crypto.Cipher.Types.Utils + Crypto.ECC.Simple.Prim + Crypto.ECC.Simple.Types Crypto.Error.Types - Crypto.Number.Compat - Crypto.Hash.Types Crypto.Hash.Blake2 - Crypto.Hash.Blake2s - Crypto.Hash.Blake2sp Crypto.Hash.Blake2b Crypto.Hash.Blake2bp + Crypto.Hash.Blake2s + Crypto.Hash.Blake2sp + Crypto.Hash.Keccak + Crypto.Hash.MD2 + Crypto.Hash.MD4 + Crypto.Hash.MD5 + Crypto.Hash.RIPEMD160 Crypto.Hash.SHA1 Crypto.Hash.SHA224 Crypto.Hash.SHA256 + Crypto.Hash.SHA3 Crypto.Hash.SHA384 Crypto.Hash.SHA512 Crypto.Hash.SHA512t - Crypto.Hash.SHA3 Crypto.Hash.SHAKE - Crypto.Hash.Keccak - Crypto.Hash.MD2 - Crypto.Hash.MD4 - Crypto.Hash.MD5 - Crypto.Hash.RIPEMD160 Crypto.Hash.Skein256 Crypto.Hash.Skein512 Crypto.Hash.Tiger + Crypto.Hash.Types Crypto.Hash.Whirlpool - Crypto.Random.Entropy.Source - Crypto.Random.Entropy.Backend - Crypto.Random.ChaChaDRG - Crypto.Random.HmacDRG - Crypto.Random.SystemDRG - Crypto.Random.Probabilistic - Crypto.PubKey.Internal - Crypto.PubKey.ElGamal - Crypto.ECC.Simple.Types - Crypto.ECC.Simple.Prim Crypto.Internal.Builder Crypto.Internal.ByteArray Crypto.Internal.Compat Crypto.Internal.CompatPrim Crypto.Internal.DeepSeq + Crypto.Internal.Endian Crypto.Internal.Imports Crypto.Internal.Nat - Crypto.Internal.Words Crypto.Internal.WordArray + Crypto.Internal.Words + Crypto.Number.Compat + Crypto.PubKey.ElGamal + Crypto.PubKey.Internal + Crypto.Random.ChaChaDRG + Crypto.Random.Entropy.Backend + Crypto.Random.Entropy.Source + Crypto.Random.HmacDRG + Crypto.Random.Probabilistic + Crypto.Random.SystemDRG + + cc-options: -std=gnu99 + c-sources: + cbits/argon2/argon2.c + cbits/crypton_blake2b.c + cbits/crypton_blake2bp.c + cbits/crypton_blake2s.c + cbits/crypton_blake2sp.c + cbits/crypton_chacha.c + cbits/crypton_cpu.c + cbits/crypton_md2.c + cbits/crypton_md4.c + cbits/crypton_md5.c + cbits/crypton_pbkdf2.c + cbits/crypton_poly1305.c + cbits/crypton_rc4.c + cbits/crypton_ripemd.c + 
cbits/crypton_salsa.c + cbits/crypton_scrypt.c + cbits/crypton_sha1.c + cbits/crypton_sha256.c + cbits/crypton_sha3.c + cbits/crypton_sha512.c + cbits/crypton_skein256.c + cbits/crypton_skein512.c + cbits/crypton_tiger.c + cbits/crypton_whirlpool.c + cbits/crypton_xsalsa.c + cbits/ed25519/ed25519.c + cbits/p256/p256.c + cbits/p256/p256_ec.c default-language: Haskell2010 include-dirs: 
@@ -300,52 +302,51 @@ ghc-options: -Wall -fwarn-tabs -optc-O3 build-depends: - base >=4.13 && <5, - bytestring, - memory >=0.14.18, - basement >=0.0.6, - ghc-prim + base >=4.13 && <5 + , basement >=0.0.6 + , bytestring + , memory >=0.14.18 if flag(old_toolchain_inliner) cc-options: -fgnu89-inline - if (arch(x86_64) || arch(aarch64)) + if (arch(x86_64) || arch(aarch64) || arch(loongarch64) || arch(ppc64le) || arch(riscv64) || arch(s390x) || arch(alpha) || arch(ppc64) || arch(sparc64)) include-dirs: cbits/include64 else include-dirs: cbits/include32 - if (arch(x86_64) || arch(aarch64)) + if (arch(x86_64) || arch(aarch64) || arch(loongarch64) || arch(ppc64le) || arch(riscv64) || arch(s390x) || arch(alpha) || arch(ppc64) || arch(sparc64)) c-sources: + cbits/decaf/ed448goldilocks/decaf_all.c + cbits/decaf/ed448goldilocks/eddsa.c + cbits/decaf/ed448goldilocks/scalar.c cbits/decaf/p448/arch_ref64/f_impl.c - cbits/decaf/p448/f_generic.c cbits/decaf/p448/f_arithmetic.c + cbits/decaf/p448/f_generic.c cbits/decaf/utils.c - cbits/decaf/ed448goldilocks/scalar.c - cbits/decaf/ed448goldilocks/decaf_all.c - cbits/decaf/ed448goldilocks/eddsa.c include-dirs: cbits/decaf/include/arch_ref64 cbits/decaf/p448/arch_ref64 else c-sources: + cbits/decaf/ed448goldilocks/decaf_all.c + cbits/decaf/ed448goldilocks/eddsa.c + cbits/decaf/ed448goldilocks/scalar.c cbits/decaf/p448/arch_32/f_impl.c - cbits/decaf/p448/f_generic.c cbits/decaf/p448/f_arithmetic.c + cbits/decaf/p448/f_generic.c cbits/decaf/utils.c - cbits/decaf/ed448goldilocks/scalar.c - cbits/decaf/ed448goldilocks/decaf_all.c - cbits/decaf/ed448goldilocks/eddsa.c include-dirs: cbits/decaf/include/arch_32 cbits/decaf/p448/arch_32 - if (arch(x86_64) || arch(aarch64)) + if (arch(x86_64) || arch(aarch64) || arch(loongarch64) || arch(ppc64le) || arch(riscv64) || arch(s390x) || arch(alpha) || arch(ppc64) || arch(sparc64)) c-sources: cbits/curve25519/curve25519-donna-c64.c else c-sources: cbits/curve25519/curve25519-donna.c - if (arch(i386) 
|| arch(x86_64)) + if (arch(i386) || arch(x86_64) || arch(loongarch64) || arch(ppc64le) || arch(riscv64) || arch(alpha)) cpp-options: -DARCH_IS_LITTLE_ENDIAN if arch(i386) @@ -362,9 +363,9 @@ if ((flag(support_aesni) && ((os(linux) || os(freebsd)) || os(osx))) && (arch(i386) || arch(x86_64))) cc-options: -DWITH_AESNI c-sources: - cbits/aes/x86ni.c cbits/aes/generic.c cbits/aes/gf.c + cbits/aes/x86ni.c cbits/crypton_aes.c if !flag(use_target_attributes) @@ -384,19 +385,19 @@ if (arch(x86_64) || flag(support_sse)) c-sources: - cbits/blake2/sse/blake2s.c - cbits/blake2/sse/blake2sp.c cbits/blake2/sse/blake2b.c cbits/blake2/sse/blake2bp.c + cbits/blake2/sse/blake2s.c + cbits/blake2/sse/blake2sp.c include-dirs: cbits/blake2/sse else c-sources: - cbits/blake2/ref/blake2s-ref.c - cbits/blake2/ref/blake2sp-ref.c cbits/blake2/ref/blake2b-ref.c cbits/blake2/ref/blake2bp-ref.c + cbits/blake2/ref/blake2s-ref.c + cbits/blake2/ref/blake2sp-ref.c include-dirs: cbits/blake2/ref @@ -415,7 +416,7 @@ else other-modules: Crypto.Random.Entropy.Unix - if (impl(ghc >=0) && flag(integer-gmp)) + if (impl(ghc) && flag(integer-gmp)) build-depends: integer-gmp if flag(support_deepseq) 
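Review bot: The 64-bit architecture list `arch(x86_64) || arch(aarch64) || arch(loongarch64) || ...` is now written out three times in this hunk (for `cbits/include64`, the decaf `arch_ref64` sources and `curve25519-donna-c64.c`), and nothing keeps the copies in step. If one copy is extended without the others, the package would build a mix of 64-bit and 32-bit C code paths for the same architecture. A comment above the first conditional would make the coupling explicit, e.g. `-- NOTE: this 64-bit arch list is repeated for the decaf and curve25519 sources below; change all three together`. The `-DARCH_IS_LITTLE_ENDIAN` list is a different set: it omits `aarch64` as well as the big-endian `s390x`, `ppc64` and `sparc64`. Whether the C sources detect byte order themselves when the macro is absent is not visible here, so a one-line comment saying what happens on unlisted architectures would help the next porter.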
@@ -432,57 +433,59 @@ type: exitcode-stdio-1.0 main-is: Tests.hs hs-source-dirs: tests + + -- cabal-fmt: expand tests -Tests other-modules: - BlockCipher - ChaCha BCrypt BCryptPBKDF + BlockCipher + ChaCha + ChaChaPoly1305 ECC ECC.Edwards25519 ECDSA Hash Imports + KAT_AES KAT_AES.KATCBC + KAT_AES.KATCCM KAT_AES.KATECB KAT_AES.KATGCM - KAT_AES.KATCCM KAT_AES.KATOCB3 KAT_AES.KATXTS - KAT_AES KAT_AESGCMSIV KAT_AFIS KAT_Argon2 + KAT_Blake2 KAT_Blowfish - KAT_CAST5 KAT_Camellia + KAT_CAST5 + KAT_CMAC KAT_Curve25519 KAT_Curve448 KAT_DES KAT_Ed25519 KAT_Ed448 KAT_EdDSA - KAT_Blake2 - KAT_CMAC KAT_HKDF KAT_HMAC KAT_KMAC KAT_MiyaguchiPreneel - KAT_PBKDF2 KAT_OTP + KAT_PBKDF2 + KAT_PubKey KAT_PubKey.DSA KAT_PubKey.ECC KAT_PubKey.ECDSA KAT_PubKey.OAEP - KAT_PubKey.PSS KAT_PubKey.P256 - KAT_PubKey.RSA + KAT_PubKey.PSS KAT_PubKey.Rabin - KAT_PubKey + KAT_PubKey.RSA KAT_RC4 KAT_Scrypt KAT_TripleDES KAT_Twofish - ChaChaPoly1305 Number Number.F2m Padding @@ -496,14 +499,14 @@ -Wall -fno-warn-orphans -fno-warn-missing-signatures -rtsopts build-depends: - base >=4.13 && <5, - bytestring, - memory, - tasty, - tasty-quickcheck, - tasty-hunit, - tasty-kat, - crypton + base >=4.13 && <5 + , bytestring + , crypton + , memory + , tasty + , tasty-hunit + , tasty-kat + , tasty-quickcheck benchmark bench-crypton type: exitcode-stdio-1.0 @@ -513,10 +516,12 @@ default-language: Haskell2010 ghc-options: -Wall -fno-warn-missing-signatures build-depends: - base >=4.13 && <5, - bytestring, - deepseq, - memory, - gauge, - random, - crypton + base >=4.13 && <5 + , bytestring + , crypton + , deepseq + , gauge + , memory + , random + +-- cabal-fmt: indent 4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crypton-1.0.4/tests/ChaCha.hs new/crypton-1.0.6/tests/ChaCha.hs --- old/crypton-1.0.4/tests/ChaCha.hs 2001-09-09 03:46:40.000000000 +0200 +++ new/crypton-1.0.6/tests/ChaCha.hs 2001-09-09 03:46:40.000000000 +0200 
@@ -39,6 +39,55 @@ expected = "\x45\x59\xab\xba\x4e\x48\xc1\x61\x02\xe8\xbb\x2c\x05\xe6\x94\x7f\x50\xa7\x86\xde\x16\x2f\x9b\x0b\x7e\x59\x2a\x9b\x53\xd0\xd4\xe9\x8d\x8d\x64\x10\xd5\x40\xa1\xa6\x37\x5b\x26\xd8\x0d\xac\xe4\xfa\xb5\x23\x84\xc7\x31\xac\xbf\x16\xa5\x92\x3c\x0c\x48\xd3\x57\x5d\x4d\x0d\x2c\x67\x3b\x66\x6f\xaa\x73\x10\x61\x27\x77\x01\x09\x3a\x6b\xf7\xa1\x58\xa8\x86\x42\x92\xa4\x1c\x48\xe3\xa9\xb4\xc0\xda\xec\xe0\xf8\xd9\x8d\x0d\x7e\x05\xb3\x7a\x30\x7b\xbb\x66\x33\x31\x64\xec\x9e\x1b\x24\xea\x0d\x6c\x3f\xfd\xdc\xec\x4f\x68\xe7\x44\x30\x56\x19\x3a\x03\xc8\x10\xe1\x13\x44\xca\x06\xd8\xed\x8a\x2b\xfb\x1e\x8d\x48\xcf\xa6\xbc\x0e\xb4\xe2\x46\x4b\x74\x81\x42\x40\x7c\x9f\x43\x1a\xee\x76\x99\x60\xe1\x5b\xa8\xb9\x68\x90\x46\x6e\xf2\x45\x75\x99\x85\x23\x85\xc6\x61\xf7\x52\xce\x20\xf9\xda\x0c\x09\xab\x6b\x19\xdf\x74\xe7\x6a\x95\x96\x74\x46\xf8\xd0\xfd\x41\x5e\x7b\xee\x2a\x12\xa1\x14\xc2\x0e\xb5\x29\x2a\xe7\xa3\x49\xae\x57\x78\x20\xd5\x52\x0a\x1f\x3f\xb6\x2a\x17\xce\x6a\x7e\x68\xfa\x7c\x79\x11\x1d\x88\x60\x92 \x0b\xc0\x48\xef\x43\xfe\x84\x48\x6c\xcb\x87\xc2\x5f\x0a\xe0\x45\xf0\xcc\xe1\xe7\x98\x9a\x9a\xa2\x20\xa2\x8b\xdd\x48\x27\xe7\x51\xa2\x4a\x6d\x5c\x62\xd7\x90\xa6\x63\x93\xb9\x31\x11\xc1\xa5\x5d\xd7\x42\x1a\x10\x18\x49\x74\xc7\xc5" +rfc8439A2_1 = cipher @=? 
cipher' + where + key :: ByteString + key = + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + nonce :: ByteString + nonce = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + plain :: ByteString + plain = + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + cipher :: ByteString + cipher = + "\x76\xb8\xe0\xad\xa0\xf1\x3d\x90\x40\x5d\x6a\xe5\x53\x86\xbd\x28\xbd\xd2\x19\xb8\xa0\x8d\xed\x1a\xa8\x36\xef\xcc\x8b\x77\x0d\xc7\xda\x41\x59\x7c\x51\x57\x48\x8d\x77\x24\xe0\x3f\xb8\xd8\x4a\x37\x6a\x43\xb8\xf4\x15\x18\xa1\x1c\xc3\x87\xb6\x69\xb2\xee\x65\x86" + cipher' = fst $ ChaCha.combine (ChaCha.initialize 20 key nonce) plain + +rfc8439A2_2 = cipher @=? cipher' + where + key :: ByteString + key = + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01" + nonce :: ByteString + nonce = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02" + plain :: ByteString + plain = + 
"\x41\x6e\x79\x20\x73\x75\x62\x6d\x69\x73\x73\x69\x6f\x6e\x20\x74\x6f\x20\x74\x68\x65\x20\x49\x45\x54\x46\x20\x69\x6e\x74\x65\x6e\x64\x65\x64\x20\x62\x79\x20\x74\x68\x65\x20\x43\x6f\x6e\x74\x72\x69\x62\x75\x74\x6f\x72\x20\x66\x6f\x72\x20\x70\x75\x62\x6c\x69\x63\x61\x74\x69\x6f\x6e\x20\x61\x73\x20\x61\x6c\x6c\x20\x6f\x72\x20\x70\x61\x72\x74\x20\x6f\x66\x20\x61\x6e\x20\x49\x45\x54\x46\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x2d\x44\x72\x61\x66\x74\x20\x6f\x72\x20\x52\x46\x43\x20\x61\x6e\x64\x20\x61\x6e\x79\x20\x73\x74\x61\x74\x65\x6d\x65\x6e\x74\x20\x6d\x61\x64\x65\x20\x77\x69\x74\x68\x69\x6e\x20\x74\x68\x65\x20\x63\x6f\x6e\x74\x65\x78\x74\x20\x6f\x66\x20\x61\x6e\x20\x49\x45\x54\x46\x20\x61\x63\x74\x69\x76\x69\x74\x79\x20\x69\x73\x20\x63\x6f\x6e\x73\x69\x64\x65\x72\x65\x64\x20\x61\x6e\x20\x22\x49\x45\x54\x46\x20\x43\x6f\x6e\x74\x72\x69\x62\x75\x74\x69\x6f\x6e\x22\x2e\x20\x53\x75\x63\x68\x20\x73\x74\x61\x74\x65\x6d\x65\x6e\x74\x73\x20\x69\x6e\x63\x6c\x75\x64\x65\x20\x6f\x72\x61\x6c \x20\x73\x74\x61\x74\x65\x6d\x65\x6e\x74\x73\x20\x69\x6e\x20\x49\x45\x54\x46\x20\x73\x65\x73\x73\x69\x6f\x6e\x73\x2c\x20\x61\x73\x20\x77\x65\x6c\x6c\x20\x61\x73\x20\x77\x72\x69\x74\x74\x65\x6e\x20\x61\x6e\x64\x20\x65\x6c\x65\x63\x74\x72\x6f\x6e\x69\x63\x20\x63\x6f\x6d\x6d\x75\x6e\x69\x63\x61\x74\x69\x6f\x6e\x73\x20\x6d\x61\x64\x65\x20\x61\x74\x20\x61\x6e\x79\x20\x74\x69\x6d\x65\x20\x6f\x72\x20\x70\x6c\x61\x63\x65\x2c\x20\x77\x68\x69\x63\x68\x20\x61\x72\x65\x20\x61\x64\x64\x72\x65\x73\x73\x65\x64\x20\x74\x6f" + cipher :: ByteString + cipher = + 
"\xa3\xfb\xf0\x7d\xf3\xfa\x2f\xde\x4f\x37\x6c\xa2\x3e\x82\x73\x70\x41\x60\x5d\x9f\x4f\x4f\x57\xbd\x8c\xff\x2c\x1d\x4b\x79\x55\xec\x2a\x97\x94\x8b\xd3\x72\x29\x15\xc8\xf3\xd3\x37\xf7\xd3\x70\x05\x0e\x9e\x96\xd6\x47\xb7\xc3\x9f\x56\xe0\x31\xca\x5e\xb6\x25\x0d\x40\x42\xe0\x27\x85\xec\xec\xfa\x4b\x4b\xb5\xe8\xea\xd0\x44\x0e\x20\xb6\xe8\xdb\x09\xd8\x81\xa7\xc6\x13\x2f\x42\x0e\x52\x79\x50\x42\xbd\xfa\x77\x73\xd8\xa9\x05\x14\x47\xb3\x29\x1c\xe1\x41\x1c\x68\x04\x65\x55\x2a\xa6\xc4\x05\xb7\x76\x4d\x5e\x87\xbe\xa8\x5a\xd0\x0f\x84\x49\xed\x8f\x72\xd0\xd6\x62\xab\x05\x26\x91\xca\x66\x42\x4b\xc8\x6d\x2d\xf8\x0e\xa4\x1f\x43\xab\xf9\x37\xd3\x25\x9d\xc4\xb2\xd0\xdf\xb4\x8a\x6c\x91\x39\xdd\xd7\xf7\x69\x66\xe9\x28\xe6\x35\x55\x3b\xa7\x6c\x5c\x87\x9d\x7b\x35\xd4\x9e\xb2\xe6\x2b\x08\x71\xcd\xac\x63\x89\x39\xe2\x5e\x8a\x1e\x0e\xf9\xd5\x28\x0f\xa8\xca\x32\x8b\x35\x1c\x3c\x76\x59\x89\xcb\xcf\x3d\xaa\x8b\x6c\xcc\x3a\xaf\x9f\x39\x79\xc9\x2b\x37\x20\xfc\x88\xdc\x95\xed\x84\xa1\xbe\x05\x9c\x64\x99\xb9 \xfd\xa2\x36\xe7\xe8\x18\xb0\x4b\x0b\xc3\x9c\x1e\x87\x6b\x19\x3b\xfe\x55\x69\x75\x3f\x88\x12\x8c\xc0\x8a\xaa\x9b\x63\xd1\xa1\x6f\x80\xef\x25\x54\xd7\x18\x9c\x41\x1f\x58\x69\xca\x52\xc5\xb8\x3f\xa3\x6f\xf2\x16\xb9\xc1\xd3\x00\x62\xbe\xbc\xfd\x2d\xc5\xbc\xe0\x91\x19\x34\xfd\xa7\x9a\x86\xf6\xe6\x98\xce\xd7\x59\xc3\xff\x9b\x64\x77\x33\x8f\x3d\xa4\xf9\xcd\x85\x14\xea\x99\x82\xcc\xaf\xb3\x41\xb2\x38\x4d\xd9\x02\xf3\xd1\xab\x7a\xc6\x1d\xd2\x9c\x6f\x21\xba\x5b\x86\x2f\x37\x30\xe3\x7c\xfd\xc4\xfd\x80\x6c\x22\xf2\x21" + cipher' = + fst $ + ChaCha.combine (ChaCha.setCounter32 1 (ChaCha.initialize 20 key nonce)) plain + +rfc8439A2_3 = cipher @=? 
cipher' + where + key :: ByteString + key = + "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a\xf3\x33\x88\x86\x04\xf6\xb5\xf0\x47\x39\x17\xc1\x40\x2b\x80\x09\x9d\xca\x5c\xbc\x20\x70\x75\xc0" + nonce :: ByteString + nonce = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02" + plain :: ByteString + plain = + "\x27\x54\x77\x61\x73\x20\x62\x72\x69\x6c\x6c\x69\x67\x2c\x20\x61\x6e\x64\x20\x74\x68\x65\x20\x73\x6c\x69\x74\x68\x79\x20\x74\x6f\x76\x65\x73\x0a\x44\x69\x64\x20\x67\x79\x72\x65\x20\x61\x6e\x64\x20\x67\x69\x6d\x62\x6c\x65\x20\x69\x6e\x20\x74\x68\x65\x20\x77\x61\x62\x65\x3a\x0a\x41\x6c\x6c\x20\x6d\x69\x6d\x73\x79\x20\x77\x65\x72\x65\x20\x74\x68\x65\x20\x62\x6f\x72\x6f\x67\x6f\x76\x65\x73\x2c\x0a\x41\x6e\x64\x20\x74\x68\x65\x20\x6d\x6f\x6d\x65\x20\x72\x61\x74\x68\x73\x20\x6f\x75\x74\x67\x72\x61\x62\x65\x2e" + cipher :: ByteString + cipher = + "\x62\xe6\x34\x7f\x95\xed\x87\xa4\x5f\xfa\xe7\x42\x6f\x27\xa1\xdf\x5f\xb6\x91\x10\x04\x4c\x0d\x73\x11\x8e\xff\xa9\x5b\x01\xe5\xcf\x16\x6d\x3d\xf2\xd7\x21\xca\xf9\xb2\x1e\x5f\xb1\x4c\x61\x68\x71\xfd\x84\xc5\x4f\x9d\x65\xb2\x83\x19\x6c\x7f\xe4\xf6\x05\x53\xeb\xf3\x9c\x64\x02\xc4\x22\x34\xe3\x2a\x35\x6b\x3e\x76\x43\x12\xa6\x1a\x55\x32\x05\x57\x16\xea\xd6\x96\x25\x68\xf8\x7d\x3f\x3f\x77\x04\xc6\xa8\xd1\xbc\xd1\xbf\x4d\x50\xd6\x15\x4b\x6d\xa7\x31\xb1\x87\xb5\x8d\xfd\x72\x8a\xfa\x36\x75\x7a\x79\x7a\xc1\x88\xd1" + cipher' = + fst $ + ChaCha.combine (ChaCha.setCounter32 42 (ChaCha.initialize 20 key nonce)) plain + data Vector = Vector Int -- rounds 
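Review bot: The three new bindings `rfc8439A2_1` to `rfc8439A2_3` carry no comment naming their source or the initial block counter each one uses. That counter (the default after `ChaCha.initialize`, `setCounter32 1`, `setCounter32 42`) is the only difference in how the cipher state is built. A short comment above each would do, e.g. `-- RFC 8439, Appendix A.2, test vector #2: 32-bit block counter = 1`. Vector #1 relies on the counter being 0 straight after `ChaCha.initialize`; a second assertion using `ChaCha.setCounter32 0 (ChaCha.initialize 20 key nonce)` would pin that the setter and the default agree. The counter getter listed in the 1.0.5 changelog is not exercised in this hunk.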
@@ -59,6 +108,9 @@ , testCase "12-256-K0-I0" (chachaRunSimple b12_256_k0_i0 12 32 8) , testCase "20-256-K0-I0" (chachaRunSimple b20_256_k0_i0 20 32 8) , testCase "XChaCha20 example KAT" xChaCha20_ExampleKAT + , testCase "RFC 8439 A2 #1 ChaCha20" rfc8439A2_1 + , testCase "RFC 8439 A2 #2 ChaCha20" rfc8439A2_2 + , testCase "RFC 8439 A2 #3 ChaCha20" rfc8439A2_3 , testProperty "generate-combine" chachaGenerateCombine , testProperty "chunking-generate" chachaGenerateChunks , testProperty "chunking-combine" chachaCombineChunks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crypton-1.0.4/tests/ChaChaPoly1305.hs new/crypton-1.0.6/tests/ChaChaPoly1305.hs --- old/crypton-1.0.4/tests/ChaChaPoly1305.hs 2001-09-09 03:46:40.000000000 +0200 +++ new/crypton-1.0.6/tests/ChaChaPoly1305.hs 2001-09-09 03:46:40.000000000 +0200 @@ -2,7 +2,8 @@ module ChaChaPoly1305 where -import qualified Crypto.Cipher.ChaChaPoly1305 as AEAD +import qualified Crypto.Cipher.ChaChaPoly1305 as CP +import Crypto.Cipher.Types import Crypto.Error import Imports import Poly1305 () 
@@ -55,6 +56,39 @@ nonce9 = "\x00\x01\x00\x00\x00\x00\x00\x00" nonce10 = "\xff\xff\xff\xff\xff\xff\xff\xff" +a5key :: ByteString +a5key = + "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a\xf3\x33\x88\x86\x04\xf6\xb5\xf0\x47\x39\x17\xc1\x40\x2b\x80\x09\x9d\xca\x5c\xbc\x20\x70\x75\xc0" + +a5nonce :: ByteString +a5nonce = "\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x08" + +a5aad :: ByteString +a5aad = "\xf3\x33\x88\x86\x00\x00\x00\x00\x00\x00\x4e\x91" + +a5cipher :: ByteString +a5cipher = + "\x64\xa0\x86\x15\x75\x86\x1a\xf4\x60\xf0\x62\xc7\x9b\xe6\x43\xbd\x5e\x80\x5c\xfd\x34\x5c\xf3\x89\xf1\x08\x67\x0a\xc7\x6c\x8c\xb2\x4c\x6c\xfc\x18\x75\x5d\x43\xee\xa0\x9e\xe9\x4e\x38\x2d\x26\xb0\xbd\xb7\xb7\x3c\x32\x1b\x01\x00\xd4\xf0\x3b\x7f\x35\x58\x94\xcf\x33\x2f\x83\x0e\x71\x0b\x97\xce\x98\xc8\xa8\x4a\xbd\x0b\x94\x81\x14\xad\x17\x6e\x00\x8d\x33\xbd\x60\xf9\x82\xb1\xff\x37\xc8\x55\x97\x97\xa0\x6e\xf4\xf0\xef\x61\xc1\x86\x32\x4e\x2b\x35\x06\x38\x36\x06\x90\x7b\x6a\x7c\x02\xb0\xf9\xf6\x15\x7b\x53\xc8\x67\xe4\xb9\x16\x6c\x76\x7b\x80\x4d\x46\xa5\x9b\x52\x16\xcd\xe7\xa4\xe9\x90\x40\xc5\xa4\x04\x33\x22\x5e\xe2\x82\xa1\xb0\xa0\x6c\x52\x3e\xaf\x45\x34\xd7\xf8\x3f\xa1\x15\x5b\x00\x47\x71\x8c\xbc\x54\x6a\x0d\x07\x2b\x04\xb3\x56\x4e\xea\x1b\x42\x22\x73\xf5\x48\x27\x1a\x0b\xb2\x31\x60\x53\xfa\x76\x99\x19\x55\xeb\xd6\x31\x59\x43\x4e\xce\xbb\x4e\x46\x6d\xae\x5a\x10\x73\xa6\x72\x76\x27\x09\x7a\x10\x49\xe6\x17\xd9\x1d\x36\x10\x94\xfa\x68\xf0\xff\x77\x98\x71\x30\x30\x5b\xea\xba\x2e\xda\x04\xdf \x99\x7b\x71\x4d\x6c\x6f\x2c\x29\xa6\xad\x5c\xb4\x02\x2b\x02\x70\x9b" + +a5plain :: ByteString +a5plain = + 
"\x49\x6e\x74\x65\x72\x6e\x65\x74\x2d\x44\x72\x61\x66\x74\x73\x20\x61\x72\x65\x20\x64\x72\x61\x66\x74\x20\x64\x6f\x63\x75\x6d\x65\x6e\x74\x73\x20\x76\x61\x6c\x69\x64\x20\x66\x6f\x72\x20\x61\x20\x6d\x61\x78\x69\x6d\x75\x6d\x20\x6f\x66\x20\x73\x69\x78\x20\x6d\x6f\x6e\x74\x68\x73\x20\x61\x6e\x64\x20\x6d\x61\x79\x20\x62\x65\x20\x75\x70\x64\x61\x74\x65\x64\x2c\x20\x72\x65\x70\x6c\x61\x63\x65\x64\x2c\x20\x6f\x72\x20\x6f\x62\x73\x6f\x6c\x65\x74\x65\x64\x20\x62\x79\x20\x6f\x74\x68\x65\x72\x20\x64\x6f\x63\x75\x6d\x65\x6e\x74\x73\x20\x61\x74\x20\x61\x6e\x79\x20\x74\x69\x6d\x65\x2e\x20\x49\x74\x20\x69\x73\x20\x69\x6e\x61\x70\x70\x72\x6f\x70\x72\x69\x61\x74\x65\x20\x74\x6f\x20\x75\x73\x65\x20\x49\x6e\x74\x65\x72\x6e\x65\x74\x2d\x44\x72\x61\x66\x74\x73\x20\x61\x73\x20\x72\x65\x66\x65\x72\x65\x6e\x63\x65\x20\x6d\x61\x74\x65\x72\x69\x61\x6c\x20\x6f\x72\x20\x74\x6f\x20\x63\x69\x74\x65\x20\x74\x68\x65\x6d\x20\x6f\x74\x68\x65\x72\x20\x74\x68\x61\x6e\x20\x61\x73\x20\x2f\xe2\x80\x9c\x77\x6f\x72\x6b \x20\x69\x6e\x20\x70\x72\x6f\x67\x72\x65\x73\x73\x2e\x2f\xe2\x80\x9d" + +a5tag :: ByteString +a5tag = "\xee\xad\x9d\x67\x89\x0c\xbb\x22\x39\x23\x36\xfe\xa1\x85\x1f\x38" + +rfc8439encrypt = a5cipher @=? ct + where + ct = case CP.aeadChacha20poly1305Init a5key a5nonce of + CryptoPassed st -> snd $ aeadSimpleEncrypt st a5aad a5plain 16 + _ -> "dummy" + +rfc8439decrypt = Just a5plain @=? mpt + where + mpt = case CP.aeadChacha20poly1305Init a5key a5nonce of + CryptoPassed st -> aeadSimpleDecrypt st a5aad a5cipher (AuthTag $ B.convert a5tag) + _ -> Nothing + tests = testGroup "ChaChaPoly1305" 
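Review bot: `rfc8439encrypt` compares only the ciphertext (`snd`) and discards the tag that `aeadSimpleEncrypt` returns, so `a5tag` is verified on the decrypt path alone and a wrong tag from encryption would go unnoticed. Its failure branch yields `"dummy"`, which turns an initialisation error into a confusing ciphertext mismatch; the rest of this file uses `throwCryptoError` for that. There is also no negative case: the hunk shows that a valid message decrypts, but not that a message with altered associated data or tag gives `Nothing`, which is the property an AEAD test most needs to hold. The sketch below checks tag and ciphertext together and adds one rejection case; the new case would also have to be registered in the `tests` list, which lies in a later hunk.

```haskell
rfc8439encrypt = (a5tag, a5cipher) @=? (B.convert outTag, ct)
  where
    st = throwCryptoError $ CP.aeadChacha20poly1305Init a5key a5nonce
    (outTag, ct) = aeadSimpleEncrypt st a5aad a5plain 16

-- … unchanged: rfc8439decrypt …

-- Authentication must fail when the associated data differs.
rfc8439rejectWrongAAD = Nothing @=? mpt
  where
    st = throwCryptoError $ CP.aeadChacha20poly1305Init a5key a5nonce
    mpt = aeadSimpleDecrypt st a5nonce a5cipher (AuthTag $ B.convert a5tag)
```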
@@ -63,25 +97,27 @@ , testCase "V1-extended" runEncryptX , testCase "V1-extended-decrypt" runDecryptX , testCase "nonce increment" runNonceInc + , testCase "RFC8439 A5 enc" rfc8439encrypt + , testCase "RFC8439 A5 dec" rfc8439decrypt ] where runEncrypt = let ini = throwCryptoError $ - AEAD.initialize key (throwCryptoError $ AEAD.nonce8 constant iv) - afterAAD = AEAD.finalizeAAD (AEAD.appendAAD aad ini) - (out, afterEncrypt) = AEAD.encrypt plaintext afterAAD - outtag = AEAD.finalize afterEncrypt + CP.initialize key (throwCryptoError $ CP.nonce8 constant iv) + afterAAD = CP.finalizeAAD (CP.appendAAD aad ini) + (out, afterEncrypt) = CP.encrypt plaintext afterAAD + outtag = CP.finalize afterEncrypt in propertyHoldCase [ eqTest "ciphertext" ciphertext out , eqTest "tag" tag (B.convert outtag) ] runEncryptX = let ini = - throwCryptoError $ AEAD.initializeX key (throwCryptoError $ AEAD.nonce24 ivX) - afterAAD = AEAD.finalizeAAD (AEAD.appendAAD aad ini) - (out, afterEncrypt) = AEAD.encrypt plaintext afterAAD - outtag = AEAD.finalize afterEncrypt + throwCryptoError $ CP.initializeX key (throwCryptoError $ CP.nonce24 ivX) + afterAAD = CP.finalizeAAD (CP.appendAAD aad ini) + (out, afterEncrypt) = CP.encrypt plaintext afterAAD + outtag = CP.finalize afterEncrypt in propertyHoldCase [ eqTest "ciphertext" ciphertextX out , eqTest "tag" tagX (B.convert outtag) @@ -90,10 +126,10 @@ runDecrypt = let ini = throwCryptoError $ - AEAD.initialize key (throwCryptoError $ AEAD.nonce8 constant iv) - afterAAD = AEAD.finalizeAAD (AEAD.appendAAD aad ini) - (out, afterDecrypt) = AEAD.decrypt ciphertext afterAAD - outtag = AEAD.finalize afterDecrypt + CP.initialize key (throwCryptoError $ CP.nonce8 constant iv) + afterAAD = CP.finalizeAAD (CP.appendAAD aad ini) + (out, afterDecrypt) = CP.decrypt ciphertext afterAAD + outtag = CP.finalize afterDecrypt in propertyHoldCase [ eqTest "plaintext" plaintext out , eqTest "tag" tag (B.convert outtag) 
@@ -101,33 +137,33 @@ runDecryptX = let ini = - throwCryptoError $ AEAD.initializeX key (throwCryptoError $ AEAD.nonce24 ivX) - afterAAD = AEAD.finalizeAAD (AEAD.appendAAD aad ini) - (out, afterDecrypt) = AEAD.decrypt ciphertextX afterAAD - outtag = AEAD.finalize afterDecrypt + throwCryptoError $ CP.initializeX key (throwCryptoError $ CP.nonce24 ivX) + afterAAD = CP.finalizeAAD (CP.appendAAD aad ini) + (out, afterDecrypt) = CP.decrypt ciphertextX afterAAD + outtag = CP.finalize afterDecrypt in propertyHoldCase [ eqTest "plaintext" plaintext out , eqTest "tag" tagX (B.convert outtag) ] runNonceInc = - let n1 = throwCryptoError . AEAD.nonce12 $ nonce1 - n3 = throwCryptoError . AEAD.nonce12 $ nonce3 - n5 = throwCryptoError . AEAD.nonce12 $ nonce5 - n6 = throwCryptoError . AEAD.nonce8 constant $ nonce6 - n8 = throwCryptoError . AEAD.nonce8 constant $ nonce8 - n10 = throwCryptoError . AEAD.nonce8 constant $ nonce10 + let n1 = throwCryptoError . CP.nonce12 $ nonce1 + n3 = throwCryptoError . CP.nonce12 $ nonce3 + n5 = throwCryptoError . CP.nonce12 $ nonce5 + n6 = throwCryptoError . CP.nonce8 constant $ nonce6 + n8 = throwCryptoError . CP.nonce8 constant $ nonce8 + n10 = throwCryptoError . CP.nonce8 constant $ nonce10 in propertyHoldCase - [ eqTest "nonce12a" nonce2 $ B.convert . AEAD.incrementNonce $ n1 - , eqTest "nonce12b" nonce4 $ B.convert . AEAD.incrementNonce $ n3 - , eqTest "nonce12c" nonce1 $ B.convert . AEAD.incrementNonce $ n5 + [ eqTest "nonce12a" nonce2 $ B.convert . CP.incrementNonce $ n1 + , eqTest "nonce12b" nonce4 $ B.convert . CP.incrementNonce $ n3 + , eqTest "nonce12c" nonce1 $ B.convert . CP.incrementNonce $ n5 , eqTest "nonce8a" (B.concat [constant, nonce7]) $ - B.convert . AEAD.incrementNonce $ + B.convert . CP.incrementNonce $ n6 , eqTest "nonce8b" (B.concat [constant, nonce9]) $ - B.convert . AEAD.incrementNonce $ + B.convert . CP.incrementNonce $ n8 , eqTest "nonce8c" (B.concat [constant, nonce6]) $ - B.convert . 
AEAD.incrementNonce $ + B.convert . CP.incrementNonce $ n10 ]
