rfc9180v1.xml   rfc9180_Richard.xml 
<?xml version="1.0" encoding="UTF-8"?> <?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [ <!DOCTYPE rfc [
<!ENTITY nbsp "&#160;"> <!ENTITY nbsp "&#160;">
<!ENTITY zwsp "&#8203;"> <!ENTITY zwsp "&#8203;">
<!ENTITY nbhy "&#8209;"> <!ENTITY nbhy "&#8209;">
<!ENTITY wj "&#8288;"> <!ENTITY wj "&#8288;">
]> ]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.5.24 -->
-irtf-cfrg-hpke-12" number="9180" obsoletes="" updates="" submissionType="IRTF" <?rfc toc="yes"?>
category="info" consensus="true" xml:lang="en" tocInclude="true" sortRefs="true" <?rfc sortrefs="yes"?>
symRefs="true" version="3"> <?rfc symrefs="yes"?>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft
<!--[rfced] Please ensure that the guidelines listed in Section 2.1 of -irtf-cfrg-hpke-latest" category="info" obsoletes="" updates="" submissionType="
RFC 5743 (https://www.rfc-editor.org/rfc/rfc5743#section-2.1) have IETF" xml:lang="en" tocInclude="true" sortRefs="true" symRefs="true" version="3"
been adhered to in this document. --> >
<!-- xml2rfc v2v3 conversion 3.12.0 -->
<!-- xml2rfc v2v3 conversion 2.42.0 -->
<front> <front>
<!--[rfced] "public key" vs. "public-key"
in the attributive position (before a noun).
We see both forms are used in this document; do you have a preference?
For example, in the original:
Hybrid Public Key Encryption (the title; no hyphen)
and a couple instances of
public key encryption / validation
vs. 10 instances in the document of
public-key encryption / scheme / operations / validation
In general, we have received advice that it should not be
hyphenated in the attributive position, and it is listed here:
https://www.rfc-editor.org/materials/terms-online.txt
We note that the IANA registry does not contain the hyphen
(https://www.iana.org/assignments/hpke/), so depending on your
decision here, there may be an update to its title.
<title abbrev="HPKE">Hybrid Public Key Encryption</title> <title abbrev="HPKE">Hybrid Public Key Encryption</title>
<seriesInfo name="RFC" value="9180"/> <seriesInfo name="Internet-Draft" value="draft-irtf-cfrg-hpke-latest"/>
<author initials="R." surname="Barnes" fullname="Richard L. Barnes"> <author initials="R." surname="Barnes" fullname="Richard L. Barnes">
<organization>Cisco</organization> <organization>Cisco</organization>
<address> <address>
<email>rlb@ipv.sx</email> <email>rlb@ipv.sx</email>
</address> </address>
</author> </author>
<author initials="K." surname="Bhargavan" fullname="Karthik Bhargavan"> <author initials="K." surname="Bhargavan" fullname="Karthik Bhargavan">
<organization>Inria</organization> <organization>Inria</organization>
<address> <address>
<email>karthikeyan.bhargavan@inria.fr</email> <email>karthikeyan.bhargavan@inria.fr</email>
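Review bot: the right-hand `<rfc>` element sets submissionType="IETF" and has no consensus attribute, while the left-hand one has submissionType="IRTF" with consensus="true", and the abstract in both columns calls the document a product of the Crypto Forum Research Group (CFRG) in the IRTF. The merged file should keep submissionType="IRTF" and consensus="true" so the stream metadata agrees with the text. The same goes for number="9180" and the `<seriesInfo name="RFC" value="9180"/>` line, which the right-hand column replaces with the Internet-Draft name.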
skipping to change at line 64 skipping to change at line 42
<address> <address>
<email>ietf@benjaminlipp.de</email> <email>ietf@benjaminlipp.de</email>
</address> </address>
</author> </author>
<author initials="C." surname="Wood" fullname="Christopher A. Wood"> <author initials="C." surname="Wood" fullname="Christopher A. Wood">
<organization>Cloudflare</organization> <organization>Cloudflare</organization>
<address> <address>
<email>caw@heapingbits.net</email> <email>caw@heapingbits.net</email>
</address> </address>
</author> </author>
<date year="2022" month="January"/> <date year="2022" month="January" day="12"/>
<workgroup>Crypto Forum</workgroup> <workgroup>Internet Research Task Force (IRTF)</workgroup>
<keyword>Internet-Draft</keyword>
<!-- [rfced] Please insert any keywords (beyond those that appear in the
title) for use on https://www.rfc-editor.org/search. -->
<keyword>example</keyword>
<abstract> <abstract>
<t>This document describes a scheme for hybrid public-key encryption (HPKE <t>This document describes a scheme for hybrid public key encryption (HPKE
). ).
This scheme provides a variant of public-key encryption of arbitrary-sized This scheme provides a variant of public key encryption of arbitrary-sized
plaintexts for a recipient public key. It also includes three authenticated plaintexts for a recipient public key. It also includes three authenticated
variants, including one that authenticates possession of a pre-shared key variants, including one that authenticates possession of a pre-shared key
and two optional ones that authenticate possession of a key encapsulation and two optional ones that authenticate possession of a key encapsulation
mechanism (KEM) private key. HPKE works for any combination of an asymmetric mechanism (KEM) private key. HPKE works for any combination of an asymmetric
KEM, key derivation function (KDF), and authenticated encryption with KEM, key derivation function (KDF), and authenticated encryption with
additional data (AEAD) encryption function. Some authenticated variants may not additional data (AEAD) encryption function. Some authenticated variants may not
be supported by all KEMs. We provide instantiations of the scheme using widely be supported by all KEMs. We provide instantiations of the scheme using widely
used and efficient primitives, such as Elliptic Curve Diffie-Hellman (ECDH) key used and efficient primitives, such as Elliptic Curve Diffie-Hellman (ECDH) key
agreement, HMAC-based key derivation function (HKDF), and SHA2.</t> agreement, HMAC-based key derivation function (HKDF), and SHA2.</t>
<t>This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.</t> <t>This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.</t>
</abstract> </abstract>
</front> </front>
<middle> <middle>
<section anchor="introduction" numbered="true" toc="default"> <section anchor="introduction" numbered="true" toc="default">
<name>Introduction</name> <name>Introduction</name>
<t>Encryption schemes that combine asymmetric and symmetric algorithms hav e been <t>Encryption schemes that combine asymmetric and symmetric algorithms hav e been
specified and practiced since the early days of public-key cryptography, e.g., specified and practiced since the early days of public key cryptography, e.g.,
<xref target="RFC1421" format="default"/>. Combining the two yields the key mana gement advantages of asymmetric <xref target="RFC1421" format="default"/>. Combining the two yields the key mana gement advantages of asymmetric
cryptography and the performance benefits of symmetric cryptography. The traditi onal cryptography and the performance benefits of symmetric cryptography. The traditi onal
combination has been "encrypt the symmetric key with the public key." "Hybrid" combination has been "encrypt the symmetric key with the public key." "Hybrid"
public-key encryption (HPKE) schemes, specified here, take a different approach: public key encryption (HPKE) schemes, specified here, take a different approach:
"generate the symmetric key and its encapsulation with the public key." "generate the symmetric key and its encapsulation with the public key."
Specifically, encrypted messages convey an encryption key encapsulated with a Specifically, encrypted messages convey an encryption key encapsulated with a
public-key scheme, along with one or more arbitrary-sized ciphertexts encrypted public key scheme, along with one or more arbitrary-sized ciphertexts encrypted
using that key. This type of public key encryption has many applications in using that key. This type of public key encryption has many applications in
practice, including Messaging Layer Security <xref target="I-D.ietf-mls-protocol " format="default"/> and practice, including Messaging Layer Security <xref target="I-D.ietf-mls-protocol " format="default"/> and
TLS-encrypted ClientHello messages <xref target="I-D.ietf-tls-esni" format="defa ult"/>.</t> TLS Encrypted ClientHello <xref target="I-D.ietf-tls-esni" format="default"/>.</ t>
<t>Currently, there are numerous competing and non-interoperable standards and <t>Currently, there are numerous competing and non-interoperable standards and
variants for hybrid encryption, mostly based on Elliptic Curve Integrated Encryp variants for hybrid encryption, mostly variants on the Elliptic Curve Integrated
tion Schemes (ECIESes), including ANSI X9.63 Encryption Scheme (ECIES), including ANSI X9.63
(ECIES) <xref target="ANSI" format="default"/>, IEEE 1363a <xref target="IEEE136 (ECIES) <xref target="ANSI" format="default"/>, IEEE 1363a <xref target="IEEE136
3" format="default"/>, ISO/IEC 18033-2 <xref target="ISO" format="default"/>, an 3" format="default"/>, ISO/IEC 18033-2 <xref target="ISO" format="default"/>, an
d Standards for Efficient Cryptography Group (SECG) SEC 1 d SECG SEC 1
<xref target="SECG" format="default"/>. See <xref target="MAEA10" format="defau lt"/> for a thorough comparison. All these existing <xref target="SECG" format="default"/>. See <xref target="MAEA10" format="defau lt"/> for a thorough comparison. All these existing
schemes have problems, e.g., because they rely on outdated primitives, lack schemes have problems, e.g., because they rely on outdated primitives, lack
proofs of indistinguishable (adaptive) chosen-ciphertext attack (IND-CCA2) secur ity, or fail to provide test vectors.</t> proofs of indistinguishable (adaptive) chosen-ciphertext attack (IND-CCA2) secur ity, or fail to provide test vectors.</t>
<t>This document defines an HPKE scheme that provides a subset <t>This document defines an HPKE scheme that provides a subset
of the functions provided by the collection of schemes above but of the functions provided by the collection of schemes above but
specified with sufficient clarity that they can be interoperably specified with sufficient clarity that they can be interoperably
implemented. The HPKE construction defined herein is secure against (adaptive) implemented. The HPKE construction defined herein is secure against (adaptive)
chosen ciphertext attacks (IND-CCA2 secure) under classical assumptions about chosen ciphertext attacks (IND-CCA2-secure) under classical assumptions about
the underlying primitives <xref target="HPKEAnalysis" format="default"/> <xref t arget="ABHKLR20" format="default"/>. A summary of the underlying primitives <xref target="HPKEAnalysis" format="default"/> <xref t arget="ABHKLR20" format="default"/>. A summary of
these analyses is in <xref target="sec-properties" format="default"/>.</t> these analyses is in <xref target="sec-properties" format="default"/>.</t>
<t>This document represents the consensus of the Crypto Forum Research Gro up (CFRG).</t> <t>This document represents the consensus of the Crypto Forum Research Gro up (CFRG).</t>
</section> </section>
<section anchor="requirements-notation" numbered="true" toc="default"> <section anchor="requirements-notation" numbered="true" toc="default">
<name>Requirements Notation</name> <name>Requirements Notation</name>
<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
"<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "MAY", and "OPTIONAL" in this document are to be interpreted as
"<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", described in BCP 14 <xref target="RFC2119" format="default"/> <xref target="RFC8
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document 174" format="default"/> when, and only when, they
are to be interpreted as described in BCP&nbsp;14 <xref target="RFC2119"/> appear in all capitals, as shown here.</t>
<xref target="RFC8174"/> when, and only when, they appear in all capitals,
as shown here.</t>
</section> </section>
<section anchor="notation" numbered="true" toc="default"> <section anchor="notation" numbered="true" toc="default">
<name>Notation</name> <name>Notation</name>
<t>The following terms are used throughout this document to describe the <t>The following terms are used throughout this document to describe the
operations, roles, and behaviors of HPKE:</t> operations, roles, and behaviors of HPKE:</t>
<dl newline="false" spacing="normal"> <ul spacing="normal">
<dt><tt>(skX, pkX)</tt>:</dt> <li>
<dd>A key encapsulation mechanism (KEM) key pair used in role X, <tt>(skX, pkX)</tt>: A key encapsulation mechanism (KEM) key pair used
where X is one of S, R, or E as sender, recipient, and ephemeral, respect in role X,
ively; where X is one of S, R, or E as sender, recipient, and ephemeral, respectively;
<tt>skX</tt> is the private key and <tt>pkX</tt> is the public key.</dd> <tt>skX</tt> is the private key and <tt>pkX</tt> is the public key.</li>
<dt><tt>pk(skX)</tt>:</dt> <li>
<dd>The KEM public key corresponding to the KEM private key <tt>skX</tt>. <tt>pk(skX)</tt>: The KEM public key corresponding to the KEM private
</dd> key <tt>skX</tt>.</li>
<dt>Sender (S):</dt> <li>Sender (S): Role of entity that sends an encrypted message.</li>
<dd>Role of entity that sends an encrypted message.</dd> <li>Recipient (R): Role of entity that receives an encrypted message.</l
<dt>Recipient (R):</dt> i>
<dd>Role of entity that receives an encrypted message.</dd> <li>Ephemeral (E): Role of a fresh random value meant for one-time use.<
<dt>Ephemeral (E):</dt> /li>
<dd>Role of a fresh random value meant for one-time use.</dd> <li>
<dt><tt>I2OSP(n, w)</tt>:</dt> <tt>I2OSP(n, w)</tt>: Convert non-negative integer <tt>n</tt> to a <tt
<dd>Convert nonnegative integer <tt>n</tt> to a <tt>w</tt>-length, >w</tt>-length,
big-endian byte big-endian byte string, as described in <xref target="RFC8017" format="default"/
string, as described in <xref target="RFC8017" format="default"/>.</dd> >.</li>
<dt><tt>OS2IP(x)</tt>:</dt> <li>
<dd>Convert byte string <tt>x</tt> to a nonnegative integer, as described <tt>OS2IP(x)</tt>: Convert byte string <tt>x</tt> to a non-negative in
in teger, as
<xref described in <xref target="RFC8017" format="default"/>, assuming big-endian byte
target="RFC8017" format="default"/>, assuming big-endian byte order.</dd> order.</li>
<dt><tt>concat(x0, ..., xN)</tt>:</dt> <li>
<dd>Concatenation of byte strings; <tt>concat(0x01, 0x0203, 0x040506) = <tt>concat(x0, ..., xN)</tt>: Concatenation of byte strings.
0x010203040506</tt>.</dd> <tt>concat(0x01, 0x0203, 0x040506) = 0x010203040506</tt>.</li>
<dt><tt>random(n)</tt>:</dt> <li>
<dd>A pseudorandom byte string of length <tt>n</tt> bytes.</dd> <tt>random(n)</tt>: A pseudorandom byte string of length <tt>n</tt> by
<dt><tt>xor(a,b)</tt>:</dt> tes</li>
<dd>XOR of byte strings; <tt>xor(0xF0F0, 0x1234) = 0xE2C4</tt>. It is an <li>
error to <tt>xor(a,b)</tt>: XOR of byte strings; <tt>xor(0xF0F0, 0x1234) = 0xE2
call this function with two arguments of unequal length.</dd> C4</tt>.
</dl> It is an error to call this function with two arguments of unequal
length.</li>
</ul>
</section> </section>
<section anchor="base-crypto" numbered="true" toc="default"> <section anchor="base-crypto" numbered="true" toc="default">
<name>Cryptographic Dependencies</name> <name>Cryptographic Dependencies</name>
<t>HPKE variants rely on the following primitives:</t> <t>HPKE variants rely on the following primitives:</t>
<dl newline="true" spacing="normal"> <ul spacing="normal">
<dt>A key encapsulation mechanism (KEM):</dt> <li>
<dd> <t>A key encapsulation mechanism (KEM):
<dl newline="false" spacing="normal"> </t>
<dt><tt>GenerateKeyPair()</tt>:</dt> <ul spacing="normal">
<dd>Randomized algorithm to generate a key pair <tt>(skX, pkX)</tt>.< <li>
/dd> <tt>GenerateKeyPair()</tt>: Randomized algorithm to generate a key
<dt><tt>DeriveKeyPair(ikm)</tt>:</dt> pair <tt>(skX, pkX)</tt>.</li>
<dd>Deterministic algorithm to derive a key pair <tt>(skX, pkX)</tt> <li>
from the <tt>DeriveKeyPair(ikm)</tt>: Deterministic algorithm to derive a k
byte string <tt>ikm</tt>, where <tt>ikm</tt> <bcp14>SHOULD</bcp14> ha ey pair
ve at <tt>(skX, pkX)</tt> from the byte string <tt>ikm</tt>, where <tt>ikm</tt> SHOULD
least <tt>Nsk</tt> bytes of entropy (see <xref target="derive-key-pai have at
r" least <tt>Nsk</tt> bytes of entropy (see <xref target="derive-key-pair" format="
format="default"/> for discussion).</dd> default"/> for discussion).</li>
<dt><tt>SerializePublicKey(pkX)</tt>:</dt> <li>
<dd>Produce a byte string of length <tt>Npk</tt> encoding the public <tt>SerializePublicKey(pkX)</tt>: Produce a byte string of length
key <tt>Npk</tt> encoding the
<tt>pkX</tt>.</dd> public key <tt>pkX</tt>.</li>
<dt><tt>DeserializePublicKey(pkXm)</tt>:</dt> <li>
<dd>Parse a byte string of length <tt>Npk</tt> to recover a public ke <tt>DeserializePublicKey(pkXm)</tt>: Parse a byte string of length
y. This <tt>Npk</tt> to recover a
function can raise a <tt>DeserializeError</tt> error upon <tt>pkXm</t public key. This function can raise a <tt>DeserializeError</tt> error upon <tt>p
t> kXm</tt>
deserialization failure.</dd> deserialization failure.</li>
<dt><tt>Encap(pkR)</tt>:</dt> <li>
<dd>Randomized algorithm to generate an ephemeral, fixed-length symme <tt>Encap(pkR)</tt>: Randomized algorithm to generate an ephemeral
tric key ,
(the KEM shared secret) and a fixed-length encapsulation of that key fixed-length symmetric key (the KEM shared secret) and
that can a fixed-length encapsulation of that key that can be decapsulated
be decapsulated by the holder of the private key corresponding to <tt by the holder of the private key corresponding to <tt>pkR</tt>. This function
>pkR</tt>. can raise an <tt>EncapError</tt> on encapsulation failure.</li>
This function can raise an <tt>EncapError</tt> on encapsulation failu <li>
re.</dd> <tt>Decap(enc, skR)</tt>: Deterministic algorithm using the privat
<dt><tt>Decap(enc, skR)</tt>:</dt> e key <tt>skR</tt>
<dd>Deterministic algorithm using the private key <tt>skR</tt> to rec to recover the ephemeral symmetric key (the KEM shared secret) from
over the its encapsulated representation <tt>enc</tt>. This function can raise a
ephemeral symmetric key (the KEM shared secret) from its encapsulated <tt>DecapError</tt> on decapsulation failure.</li>
representation <tt>enc</tt>. This function can raise a <tt>DecapError <li>
</tt> on <tt>AuthEncap(pkR, skS)</tt> (optional): Same as <tt>Encap()</tt>,
decapsulation failure.</dd> and the outputs
<dt><tt>AuthEncap(pkR, skS)</tt> (optional):</dt> encode an assurance that the KEM shared secret was generated by the
<dd>Same as <tt>Encap()</tt>, and the outputs encode an assurance tha holder of the private key <tt>skS</tt>.</li>
t the KEM <li>
shared secret was generated by the holder of the private key <tt>skS< <tt>AuthDecap(enc, skR, pkS)</tt> (optional): Same as <tt>Decap()<
/tt>.</dd> /tt>, and the recipient
<dt><tt>AuthDecap(enc, skR, pkS)</tt> (optional):</dt> is assured that the KEM shared secret was generated by the holder of
<dd>Same as <tt>Decap()</tt>, and the recipient is assured that the K the private key <tt>skS</tt>.</li>
EM shared <li>
secret was generated by the holder of the private key <tt>skS</tt>.</ <tt>Nsecret</tt>: The length in bytes of a KEM shared secret produ
dd> ced by this KEM.</li>
<dt><tt>Nsecret</tt>:</dt> <li>
<dd>The length in bytes of a KEM shared secret produced by this KEM.< <tt>Nenc</tt>: The length in bytes of an encapsulated key produced
/dd> by this KEM.</li>
<dt><tt>Nenc</tt>:</dt> <li>
<dd>The length in bytes of an encapsulated key produced by this KEM.< <tt>Npk</tt>: The length in bytes of an encoded public key for thi
/dd> s KEM.</li>
<dt><tt>Npk</tt>:</dt> <li>
<dd>The length in bytes of an encoded public key for this KEM.</dd> <tt>Nsk</tt>: The length in bytes of an encoded private key for th
<dt><tt>Nsk</tt>:</dt> is KEM.</li>
<dd>The length in bytes of an encoded private key for this KEM.</dd> </ul>
</dl> </li>
</dd> <li>
<dt>A key derivation function (KDF):</dt> <t>A key derivation function (KDF):
<dd> </t>
<dl newline="false" spacing="normal"> <ul spacing="normal">
<dt><tt>Extract(salt, ikm)</tt>:</dt> <li>
<dd>Extract a pseudorandom key of fixed length <tt>Nh</tt> bytes from <tt>Extract(salt, ikm)</tt>: Extract a pseudorandom key of fixed l
input ength <tt>Nh</tt> bytes
keying material <tt>ikm</tt> and an optional byte string <tt>salt</tt from input keying material <tt>ikm</tt> and an optional byte string
>.</dd> <tt>salt</tt>.</li>
<dt><tt>Expand(prk, info, L)</tt>:</dt> <li>
<dd>Expand a pseudorandom key <tt>prk</tt> using optional string <tt> <tt>Expand(prk, info, L)</tt>: Expand a pseudorandom key <tt>prk</
info</tt> tt> using
into <tt>L</tt> bytes of output keying material.</dd> optional string <tt>info</tt> into <tt>L</tt> bytes of output keying material.</
<dt><tt>Nh</tt>:</dt> li>
<dd>The output size of the <tt>Extract()</tt> function in bytes.</dd> <li>
</dl> <tt>Nh</tt>: The output size of the <tt>Extract()</tt> function in
</dd> bytes.</li>
<dt>An AEAD encryption algorithm <xref target="RFC5116" format="default" </ul>
/>:</dt> </li>
<dd> <li>
<dl newline="false" spacing="normal"> <t>An AEAD encryption algorithm <xref target="RFC5116" format="default
<dt><tt>Seal(key, nonce, aad, pt)</tt>:</dt> "/>:
<dd>Encrypt and authenticate plaintext <tt>pt</tt> with associated da </t>
ta <ul spacing="normal">
<tt>aad</tt> using symmetric key <tt>key</tt> and nonce <li>
<tt>nonce</tt>, <tt>Seal(key, nonce, aad, pt)</tt>: Encrypt and authenticate plain
yielding ciphertext and tag <tt>ct</tt>. This function can raise a text
<tt>MessageLimitReachedError</tt> upon failure.</dd> <tt>pt</tt> with associated data <tt>aad</tt> using symmetric key <tt>key</tt> a
<dt><tt>Open(key, nonce, aad, ct)</tt>:</dt> nd nonce
<dd>Decrypt ciphertext and tag <tt>ct</tt> using associated data <tt>nonce</tt>, yielding ciphertext and tag <tt>ct</tt>. This function
<tt>aad</tt> can raise a <tt>MessageLimitReachedError</tt> upon failure.</li>
with symmetric key <tt>key</tt> and nonce <tt>nonce</tt>, returning p <li>
laintext <tt>Open(key, nonce, aad, ct)</tt>: Decrypt ciphertext and tag <tt
message <tt>pt</tt>. This function can raise an <tt>OpenError</tt> or >ct</tt> using
<tt>MessageLimitReachedError</tt> upon failure.</dd> associated data <tt>aad</tt> with symmetric key <tt>key</tt> and nonce <tt>nonce
<dt><tt>Nk</tt>:</dt> </tt>,
<dd>The length in bytes of a key for this algorithm.</dd> returning plaintext message <tt>pt</tt>. This function can raise an
<dt><tt>Nn</tt>:</dt> <tt>OpenError</tt> or <tt>MessageLimitReachedError</tt> upon failure.</li>
<dd>The length in bytes of a nonce for this algorithm.</dd> <li>
<dt><tt>Nt</tt>:</dt> <tt>Nk</tt>: The length in bytes of a key for this algorithm.</li>
<dd>The length in bytes of the authentication tag for this algorithm. <li>
</dd> <tt>Nn</tt>: The length in bytes of a nonce for this algorithm.</l
</dl> i>
</dd> <li>
</dl> <tt>Nt</tt>: The length in bytes of the authentication tag for thi
<t>Beyond the above, a KEM <bcp14>MAY</bcp14> also expose the following fu s algorithm.</li>
nctions, whose </ul>
behavior is detailed in <xref target="serializeprivatekey" format="default </li>
"/>:</t> </ul>
<dl newline="false" spacing="normal"> <t>Beyond the above, a KEM MAY also expose the following functions, whose
<dt><tt>SerializePrivateKey(skX)</tt>:</dt> behavior
<dd>Produce a byte string of length <tt>Nsk</tt> encoding the private key is detailed in <xref target="serializeprivatekey" format="default"/>:</t>
<tt>skX</tt>.</dd> <ul spacing="normal">
<dt><tt>DeserializePrivateKey(skXm)</tt>:</dt> <li>
<dd>Parse a byte string of length <tt>Nsk</tt> to recover a private key. <tt>SerializePrivateKey(skX)</tt>: Produce a byte string of length <tt
This >Nsk</tt> encoding the private
function can raise a <tt>DeserializeError</tt> error upon <tt>skXm</tt> key <tt>skX</tt>.</li>
deserialization failure.</dd> <li>
</dl> <tt>DeserializePrivateKey(skXm)</tt>: Parse a byte string of length <t
<t>A <em>ciphersuite</em> is a triple (KEM, KDF, and AEAD), containing a c t>Nsk</tt> to recover a
hoice of algorithm private key. This function can raise a <tt>DeserializeError</tt> error upon <tt>
skXm</tt>
deserialization failure.</li>
</ul>
<t>A <em>ciphersuite</em> is a triple (KEM, KDF, AEAD) containing a choice
of algorithm
for each primitive.</t> for each primitive.</t>
<t>A set of algorithm identifiers for concrete instantiations of these <t>A set of algorithm identifiers for concrete instantiations of these
primitives is provided in <xref target="ciphersuites" format="default"/>. Algor ithm identifier primitives is provided in <xref target="ciphersuites" format="default"/>. Algor ithm identifier
values are two bytes long.</t> values are two bytes long.</t>
<t>Note that <tt>GenerateKeyPair</tt> can be implemented as <tt>DeriveKeyP air(random(Nsk))</tt>.</t> <t>Note that <tt>GenerateKeyPair</tt> can be implemented as <tt>DeriveKeyP air(random(Nsk))</tt>.</t>
<t>The notation <tt>pk(skX)</tt>, depending on its use and the KEM and its <t>The notation <tt>pk(skX)</tt>, depending on its use and the KEM and its
implementation, is either the implementation, is either the
computation of the public key using the private key or just syntax computation of the public key using the private key, or just syntax
expressing the retrieval of the public key, assuming it is stored along expressing the retrieval of the public key, assuming it is stored along
with the private key object.</t> with the private key object.</t>
<t>The following two functions are defined to facilitate domain separation of <t>The following two functions are defined to facilitate domain separation of
KDF calls, as well as context binding:</t> KDF calls as well as context binding:</t>
<!-- [rfced] Please review the "type" attribute of each sourcecode element <artwork name="" type="" align="left" alt=""><![CDATA[
in the XML file to ensure correctness. If the current list of preferred
values for "type" (https://www.rfc-editor.org/materials/sourcecode-types.txt)
does not contain an applicable type, then feel free to let us know.
In addition, review each artwork element. Specifically, should any artwork
element be tagged as sourcecode or another element?
Examples of usage of the artwork element from the documentation:
diagrams ("line art") and protocol unit diagrams
<sourcecode name="" type=""><![CDATA[
def LabeledExtract(salt, label, ikm): def LabeledExtract(salt, label, ikm):
labeled_ikm = concat("HPKE-v1", suite_id, label, ikm) labeled_ikm = concat("HPKE-v1", suite_id, label, ikm)
return Extract(salt, labeled_ikm) return Extract(salt, labeled_ikm)
def LabeledExpand(prk, label, info, L): def LabeledExpand(prk, label, info, L):
labeled_info = concat(I2OSP(L, 2), "HPKE-v1", suite_id, labeled_info = concat(I2OSP(L, 2), "HPKE-v1", suite_id,
label, info) label, info)
return Expand(prk, labeled_info, L) return Expand(prk, labeled_info, L)
]]></sourcecode> ]]></artwork>
<t>The value of <tt>suite_id</tt> depends on where the KDF is used; it is assumed <t>The value of <tt>suite_id</tt> depends on where the KDF is used; it is assumed
implicit from the implementation and not passed as a parameter. If used implicit from the implementation and not passed as a parameter. If used
inside a KEM algorithm, <tt>suite_id</tt> <bcp14>MUST</bcp14> start with "KEM" a inside a KEM algorithm, <tt>suite_id</tt> MUST start with "KEM" and identify
nd identify this KEM algorithm; if used in the remainder of HPKE, it MUST start with
this KEM algorithm; if used in the remainder of HPKE, it <bcp14>MUST</bcp14> sta "HPKE" and identify the entire ciphersuite in use. See sections <xref target="dh
rt with kem" format="default"/>
"HPKE" and identify the entire ciphersuite in use. See Sections <xref target="dh and <xref target="encryption-context" format="default"/> for details.</t>
kem" format="counter"/>
and <xref target="encryption-context" format="counter"/> for details.</t>
<section anchor="dhkem" numbered="true" toc="default"> <section anchor="dhkem" numbered="true" toc="default">
<name>DH-Based KEM (DHKEM)</name> <name>DH-Based KEM (DHKEM)</name>
<t>Suppose we are given a KDF and a Diffie-Hellman (DH) group providing the <t>Suppose we are given a KDF, and a Diffie-Hellman (DH) group providing the
following operations:</t> following operations:</t>
<dl newline="false" spacing="normal"> <ul spacing="normal">
<dt><tt>DH(skX, pkY)</tt>:</dt> <li>
<dd>Perform a noninteractive Diffie-Hellman exchange using the private <tt>DH(skX, pkY)</tt>: Perform a non-interactive Diffie-Hellman exch
key ange using
<tt>skX</tt> and public key <tt>pkY</tt> to produce a Diffie-Hellman sh the private key <tt>skX</tt> and public key <tt>pkY</tt> to produce a Diffie-Hel
ared lman shared
secret of length <tt>Ndh</tt>. This function can raise a <tt>Validation secret of length <tt>Ndh</tt>. This function can raise a <tt>ValidationError</tt
Error</tt>, > as described
as described in <xref target="validation" format="default"/>.</dd> in <xref target="validation" format="default"/>.</li>
<dt><tt>Ndh</tt>:</dt> <li>
<dd>The length in bytes of a Diffie-Hellman shared secret produced by <tt>Ndh</tt>: The length in bytes of a Diffie-Hellman shared secret
<tt>DH()</tt>.</dd> produced
<dt><tt>Nsk</tt>:</dt> by <tt>DH()</tt>.</li>
<dd>The length in bytes of a Diffie-Hellman private key.</dd> <li>
</dl> <tt>Nsk</tt>: The length in bytes of a Diffie-Hellman private key.</
<t>Then, we can construct a KEM that implements the interface defined in li>
<xref target="base-crypto" format="default"/> </ul>
<t>Then we can construct a KEM that implements the interface defined in
<xref target="base-crypto" format="default"/>
called <tt>DHKEM(Group, KDF)</tt> in the following way, where <tt>Group</tt> den otes the called <tt>DHKEM(Group, KDF)</tt> in the following way, where <tt>Group</tt> den otes the
Diffie-Hellman group and <tt>KDF</tt> denotes the KDF. The function parameters < tt>pkR</tt> and <tt>pkS</tt> Diffie-Hellman group and <tt>KDF</tt> denotes the KDF. The function parameters < tt>pkR</tt> and <tt>pkS</tt>
are deserialized public keys, and <tt>enc</tt> is a serialized public key. Since are deserialized public keys, and <tt>enc</tt> is a serialized public key. Since
encapsulated keys are Diffie-Hellman public keys in this KEM algorithm, encapsulated keys are Diffie-Hellman public keys in this KEM algorithm,
we use <tt>SerializePublicKey()</tt> and <tt>DeserializePublicKey()</tt> to enco de and decode we use <tt>SerializePublicKey()</tt> and <tt>DeserializePublicKey()</tt> to enco de and decode
them, respectively. <tt>Npk</tt> equals <tt>Nenc</tt>. <tt>GenerateKeyPair()</tt > produces a key pair them, respectively. <tt>Npk</tt> equals <tt>Nenc</tt>. <tt>GenerateKeyPair()</tt > produces a key pair
for the Diffie-Hellman group in use. <xref target="derive-key-pair" format="defa ult"/> contains the for the Diffie-Hellman group in use. <xref target="derive-key-pair" format="defa ult"/> contains the
<tt>DeriveKeyPair()</tt> function specification for DHKEMs defined in this docum ent.</t> <tt>DeriveKeyPair()</tt> function specification for DHKEMs defined in this docum ent.</t>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
def ExtractAndExpand(dh, kem_context): def ExtractAndExpand(dh, kem_context):
eae_prk = LabeledExtract("", "eae_prk", dh) eae_prk = LabeledExtract("", "eae_prk", dh)
shared_secret = LabeledExpand(eae_prk, "shared_secret", shared_secret = LabeledExpand(eae_prk, "shared_secret",
kem_context, Nsecret) kem_context, Nsecret)
return shared_secret return shared_secret
def Encap(pkR): def Encap(pkR):
skE, pkE = GenerateKeyPair() skE, pkE = GenerateKeyPair()
dh = DH(skE, pkR) dh = DH(skE, pkR)
enc = SerializePublicKey(pkE) enc = SerializePublicKey(pkE)
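Review bot: the right-hand column loses the `<bcp14>` markup on the normative keywords: SHOULD in the DeriveKeyPair(ikm) entry, MAY in the paragraph introducing SerializePrivateKey, and both MUSTs in the suite_id paragraph after LabeledExpand. The left-hand column has `<bcp14>MUST</bcp14>` there. The suite_id prefixes ("KEM" inside a KEM algorithm, "HPKE" elsewhere) are what the text relies on for domain separation of KDF calls, so those requirements should stay tagged as BCP 14 keywords in the merged text. A smaller point in the same paragraph: the right-hand side writes "See sections" with format="default" on both xrefs, where the left-hand side has "See Sections" with format="counter"; the left-hand form is the one to keep. Both columns also leave type="" on the pseudocode blocks, which the [rfced] comment above LabeledExtract asks the authors to review.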
skipping to change at line 374 skipping to change at line 332
def AuthDecap(enc, skR, pkS): def AuthDecap(enc, skR, pkS):
pkE = DeserializePublicKey(enc) pkE = DeserializePublicKey(enc)
dh = concat(DH(skR, pkE), DH(skR, pkS)) dh = concat(DH(skR, pkE), DH(skR, pkS))
pkRm = SerializePublicKey(pk(skR)) pkRm = SerializePublicKey(pk(skR))
pkSm = SerializePublicKey(pkS) pkSm = SerializePublicKey(pkS)
kem_context = concat(enc, pkRm, pkSm) kem_context = concat(enc, pkRm, pkSm)
shared_secret = ExtractAndExpand(dh, kem_context) shared_secret = ExtractAndExpand(dh, kem_context)
return shared_secret return shared_secret
]]></sourcecode> ]]></artwork>
<t>The implicit <tt>suite_id</tt> value used within <tt>LabeledExtract</ tt> and <t>The implicit <tt>suite_id</tt> value used within <tt>LabeledExtract</ tt> and
<tt>LabeledExpand</tt> is defined as follows, where <tt>kem_id</tt> is defined <tt>LabeledExpand</tt> is defined as follows, where <tt>kem_id</tt> is defined
in <xref target="kem-ids" format="default"/>:</t> in <xref target="kem-ids" format="default"/>:</t>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
suite_id = concat("KEM", I2OSP(kem_id, 2)) suite_id = concat("KEM", I2OSP(kem_id, 2))
]]></sourcecode> ]]></artwork>
<t>The KDF used in DHKEM can be equal to or different from the KDF used <t>The KDF used in DHKEM can be equal to or different from the KDF used
in the remainder of HPKE, depending on the chosen variant. in the remainder of HPKE, depending on the chosen variant.
Implementations <bcp14>MUST</bcp14> make sure to use the constants (<tt>Nh</tt>) and function Implementations MUST make sure to use the constants (<tt>Nh</tt>) and function
calls (<tt>LabeledExtract</tt> and <tt>LabeledExpand</tt>) of the appropriate KD F when calls (<tt>LabeledExtract</tt> and <tt>LabeledExpand</tt>) of the appropriate KD F when
implementing DHKEM. See <xref target="kdf-choice" format="default"/> for a comme nt on the choice of implementing DHKEM. See <xref target="kdf-choice" format="default"/> for a comme nt on the choice of
a KDF for the remainder of HPKE and <xref target="domain-separation" format="def a KDF for the remainder of HPKE, and <xref target="domain-separation" format="de
ault"/> for the fault"/> for the
rationale of the labels.</t> rationale of the labels.</t>
<!--[rfced] Please clarify "of is". Do you want to update the text
to match the sentence that is earlier in the same paragraph?
Original:
For X25519 and X448, the
size "Ndh" of is equal to 32 and 56, respectively (see [RFC7748],
Section 5).
Perhaps:
For X25519 and X448, the size "Ndh" of the Diffie-Hellman shared
secret is equal to 32 and 56, respectively (see [RFC7748], Section 5).
Or (simply remove "of"):
For X25519 and X448, the size "Ndh" is equal to 32 and 56,
respectively (see [RFC7748], Section 5).
<t>For the variants of DHKEM defined in this document, the size <tt>Nsec ret</tt> of the <t>For the variants of DHKEM defined in this document, the size <tt>Nsec ret</tt> of the
KEM shared secret is equal to the output length of the hash function KEM shared secret is equal to the output length of the hash function
underlying the KDF. For P-256, P-384, and P-521, the size <tt>Ndh</tt> of the underlying the KDF. For P-256, P-384, and P-521, the size <tt>Ndh</tt> of the
Diffie-Hellman shared secret is equal to 32, 48, and 66, respectively, Diffie-Hellman shared secret is equal to 32, 48, and 66, respectively,
corresponding to the x-coordinate of the resulting elliptic curve point <xref ta rget="IEEE1363" format="default"/>. corresponding to the x-coordinate of the resulting elliptic curve point <xref ta rget="IEEE1363" format="default"/>.
For X25519 and X448, the size <tt>Ndh</tt> of is equal to 32 and 56, respectivel For X25519 and X448, the size <tt>Ndh</tt> is equal to 32 and 56, respectively
y (see <xref target="RFC7748" format="default"/>, Section 5).</t>
(see <xref target="RFC7748" section="5" sectionFormat="comma" format="default"/>
).</t>
<t>It is important to note that the <tt>AuthEncap()</tt> and <tt>AuthDec ap()</tt> functions of the <t>It is important to note that the <tt>AuthEncap()</tt> and <tt>AuthDec ap()</tt> functions of the
DHKEM variants defined in this document are vulnerable to key compromise DHKEM variants defined in this document are vulnerable to key-compromise
impersonation (KCI). This means the assurance that the KEM shared secret impersonation (KCI). This means the assurance that the KEM shared secret
was generated by the holder of the private key <tt>skS</tt> does not hold if was generated by the holder of the private key <tt>skS</tt> does not hold if
the recipient private key <tt>skR</tt> is compromised. See <xref target="sec-pro perties" format="default"/> the recipient private key <tt>skR</tt> is compromised. See <xref target="sec-pro perties" format="default"/>
for more details.</t> for more details.</t>
<t>Senders and recipients <bcp14>MUST</bcp14> validate KEM inputs and ou tputs, as described <t>Senders and recipients MUST validate KEM inputs and outputs as descri bed
in <xref target="kem-ids" format="default"/>.</t> in <xref target="kem-ids" format="default"/>.</t>
</section> </section>
</section> </section>
<section anchor="hpke" numbered="true" toc="default"> <section anchor="hpke" numbered="true" toc="default">
<name>Hybrid Public Key Encryption</name> <name>Hybrid Public Key Encryption</name>
<t>In this section, we define a few HPKE variants. All variants take a <t>In this section, we define a few HPKE variants. All variants take a
recipient public key and a sequence of plaintexts <tt>pt</tt> and produce an recipient public key and a sequence of plaintexts <tt>pt</tt> and produce an
encapsulated key <tt>enc</tt> and a sequence of ciphertexts <tt>ct</tt>. These outputs are encapsulated key <tt>enc</tt> and a sequence of ciphertexts <tt>ct</tt>. These outputs are
constructed so that only the holder of <tt>skR</tt> can decapsulate the key from constructed so that only the holder of <tt>skR</tt> can decapsulate the key from
<tt>enc</tt> and decrypt the ciphertexts. All the algorithms also take an <tt>enc</tt> and decrypt the ciphertexts. All the algorithms also take an
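Review bot: Two normative requirements lose their `<bcp14>` markup in the right-hand column: "Implementations MUST make sure to use the constants" in the KDF paragraph and "Senders and recipients MUST validate KEM inputs and outputs" at the end of the DHKEM section. Both are requirements on implementers (KDF selection inside DHKEM, and KEM input/output validation), so keep `<bcp14>MUST</bcp14>` as in the left-hand column. The right-hand wording "the size Ndh is equal to 32 and 56" is worth keeping, since it resolves the "of is" question raised in the [rfced] comment.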
skipping to change at line 468 skipping to change at line 408
<td align="left">mode_auth</td> <td align="left">mode_auth</td>
<td align="left">0x02</td> <td align="left">0x02</td>
</tr> </tr>
<tr> <tr>
<td align="left">mode_auth_psk</td> <td align="left">mode_auth_psk</td>
<td align="left">0x03</td> <td align="left">0x03</td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
<t>All these cases follow the same basic two-step pattern:</t> <t>All these cases follow the same basic two-step pattern:</t>
<ol spacing="normal" type="1"> <ol spacing="normal" type="1"><li>Set up an encryption context that is sha
<li>Set up an encryption context that is shared between the sender red between the sender
and the recipient.</li> and the recipient.</li>
<li>Use that context to encrypt or decrypt content.</li> <li>Use that context to encrypt or decrypt content.</li>
</ol> </ol>
<t>A <em>context</em> is an implementation-specific structure that encodes <t>A <em>context</em> is an implementation-specific structure that encodes
the AEAD algorithm and key in use and manages the nonces used so the AEAD algorithm and key in use, and manages the nonces used so
that the same nonce is not used with multiple plaintexts. It also that the same nonce is not used with multiple plaintexts. It also
has an interface for exporting secret values, as described in has an interface for exporting secret values, as described in
<xref target="hpke-export" format="default"/>. See <xref target="hpke-dem" forma t="default"/> for a description of this structure <xref target="hpke-export" format="default"/>. See <xref target="hpke-dem" forma t="default"/> for a description of this structure
and its interfaces. HPKE decryption fails when the underlying AEAD and its interfaces. HPKE decryption fails when the underlying AEAD
decryption fails.</t> decryption fails.</t>
<t>The constructions described here presume that the relevant non-private <t>The constructions described here presume that the relevant non-private
parameters (<tt>enc</tt>, <tt>psk_id</tt>, etc.) are transported between the sen der and the parameters (<tt>enc</tt>, <tt>psk_id</tt>, etc.) are transported between the sen der and the
recipient by some application making use of HPKE. Moreover, a recipient with mor e recipient by some application making use of HPKE. Moreover, a recipient with mor e
than one public key needs some way of determining which of its public keys were than one public key needs some way of determining which of its public keys was
used for the encapsulation operation. As an example, applications may send this used for the encapsulation operation. As an example, applications may send this
information alongside a ciphertext from the sender to the recipient. Specificati on of information alongside a ciphertext from the sender to the recipient. Specificati on of
such a mechanism is left to the application. See <xref target="message-encoding" format="default"/> for more such a mechanism is left to the application. See <xref target="message-encoding" format="default"/> for more
details.</t> details.</t>
<t>Note that some KEMs may not support <tt>AuthEncap()</tt> or <tt>AuthDec ap()</tt>. <t>Note that some KEMs may not support <tt>AuthEncap()</tt> or <tt>AuthDec ap()</tt>.
For such KEMs, only <tt>mode_base</tt> or <tt>mode_psk</tt> are supported. Futur e specifications For such KEMs, only <tt>mode_base</tt> or <tt>mode_psk</tt> are supported. Futur e specifications
that define new KEMs <bcp14>MUST</bcp14> indicate whether these modes are suppor ted. which define new KEMs MUST indicate whether these modes are supported.
See <xref target="future-kems" format="default"/> for more details.</t> See <xref target="future-kems" format="default"/> for more details.</t>
<t>The procedures described in this section are laid out in a <t>The procedures described in this section are laid out in a
Python-like pseudocode. The algorithms in use are left implicit.</t> Python-like pseudocode. The algorithms in use are left implicit.</t>
<section anchor="encryption-context" numbered="true" toc="default"> <section anchor="encryption-context" numbered="true" toc="default">
<name>Creating the Encryption Context</name> <name>Creating the Encryption Context</name>
<t>The variants of HPKE defined in this document share a common <t>The variants of HPKE defined in this document share a common
key schedule that translates the protocol inputs into an encryption key schedule that translates the protocol inputs into an encryption
context. The key schedule inputs are as follows:</t> context. The key schedule inputs are as follows:</t>
<dl newline="false" spacing="normal"> <ul spacing="normal">
<dt><tt>mode</tt>:</dt> <li>
<dd>A one-byte value indicating the HPKE mode, defined in <xref <tt>mode</tt> - A one-byte value indicating the HPKE mode, defined i
target="hpke-modes" format="default"/>.</dd> n <xref target="hpke-modes" format="default"/>.</li>
<dt><tt>shared_secret</tt>:</dt> <li>
<dd>A KEM shared secret generated for this transaction.</dd> <tt>shared_secret</tt> - A KEM shared secret generated for this tran
<dt><tt>info</tt>:</dt> saction.</li>
<dd>Application-supplied information (optional; default value "").</dd> <li>
<dt><tt>psk</tt>:</dt> <tt>info</tt> - Application-supplied information (optional; default
<dd>A pre-shared key (PSK) held by both the sender and the recipient (o value
ptional; "").</li>
default value "").</dd> <li>
<dt><tt>psk_id</tt>:</dt> <tt>psk</tt> - A pre-shared key (PSK) held by both the sender
<dd>An identifier for the PSK (optional; default value "").</dd> and the recipient (optional; default value "").</li>
</dl> <li>
<t>Senders and recipients <bcp14>MUST</bcp14> validate KEM inputs and ou <tt>psk_id</tt> - An identifier for the PSK (optional; default value
tputs, as described "").</li>
</ul>
<t>Senders and recipients MUST validate KEM inputs and outputs as descri
bed
in <xref target="kem-ids" format="default"/>.</t> in <xref target="kem-ids" format="default"/>.</t>
<t>The <tt>psk</tt> and <tt>psk_id</tt> fields <bcp14>MUST</bcp14> appea r together or not at all. <t>The <tt>psk</tt> and <tt>psk_id</tt> fields MUST appear together or n ot at all.
That is, if a non-default value is provided for one of them, then That is, if a non-default value is provided for one of them, then
the other <bcp14>MUST</bcp14> be set to a non-default value. This requirement is the other MUST be set to a non-default value. This requirement is
encoded in <tt>VerifyPSKInputs()</tt> below.</t> encoded in <tt>VerifyPSKInputs()</tt> below.</t>
<t>The <tt>psk</tt>, <tt>psk_id</tt>, and <tt>info</tt> fields have maxi mum lengths that depend <t>The <tt>psk</tt>, <tt>psk_id</tt>, and <tt>info</tt> fields have maxi mum lengths that depend
on the KDF itself, on the definition of <tt>LabeledExtract()</tt>, and on the on the KDF itself, on the definition of <tt>LabeledExtract()</tt>, and on the
constant labels used together with them. See <xref target="kdf-input-length" for mat="default"/> for constant labels used together with them. See <xref target="kdf-input-length" for mat="default"/> for
precise limits on these lengths.</t> precise limits on these lengths.</t>
<t>The <tt>key</tt>, <tt>base_nonce</tt>, and <tt>exporter_secret</tt> c omputed by the key schedule <t>The <tt>key</tt>, <tt>base_nonce</tt>, and <tt>exporter_secret</tt> c omputed by the key schedule
have the property that they are only known to the holder of the recipient have the property that they are only known to the holder of the recipient
private key and the entity that used the KEM to generate <tt>shared_secret</tt> and private key, and the entity that used the KEM to generate <tt>shared_secret</tt> and
<tt>enc</tt>.</t> <tt>enc</tt>.</t>
<t>In the Auth and AuthPSK modes, the recipient is assured that the send er <t>In the Auth and AuthPSK modes, the recipient is assured that the send er
held the private key <tt>skS</tt>. This assurance is limited for the DHKEM held the private key <tt>skS</tt>. This assurance is limited for the DHKEM
variants defined in this document because of key compromise impersonation, variants defined in this document because of key-compromise impersonation,
as described in Sections <xref target="dhkem" format="counter"/> and <xref targe as described in <xref target="dhkem" format="default"/> and <xref target="sec-pr
t="sec-properties" format="counter"/>. If in the PSK and operties" format="default"/>. If in the PSK and
AuthPSK modes, the <tt>psk</tt> and <tt>psk_id</tt> arguments are provided as re AuthPSK modes, the <tt>psk</tt> and <tt>psk_id</tt> arguments are provided as re
quired; quired,
then, the recipient is assured that the sender held the corresponding then the recipient is assured that the sender held the corresponding
pre-shared key. See <xref target="sec-properties" format="default"/> for more de tails.</t> pre-shared key. See <xref target="sec-properties" format="default"/> for more de tails.</t>
<t>The HPKE algorithm identifiers, i.e., the KEM <tt>kem_id</tt>, KDF <t t>kdf_id</tt>, and <t>The HPKE algorithm identifiers, i.e., the KEM <tt>kem_id</tt>, KDF <t t>kdf_id</tt>, and
AEAD <tt>aead_id</tt> 2-byte code points, as defined in Tables <xref target="kem AEAD <tt>aead_id</tt> 2-byte code points, as defined in <xref target="kemid-valu
id-values" format="counter"/>, <xref target="kdfid-values" format="counter"/>, es" format="default"/>, <xref target="kdfid-values" format="default"/>,
and <xref target="aeadid-values" format="counter"/>, respectively, are assumed i and <xref target="aeadid-values" format="default"/>, respectively, are assumed i
mplicit from the implementation mplicit from the implementation
and not passed as parameters. The implicit <tt>suite_id</tt> value used within and not passed as parameters. The implicit <tt>suite_id</tt> value used within
<tt>LabeledExtract</tt> and <tt>LabeledExpand</tt> is defined based on them as f ollows:</t> <tt>LabeledExtract</tt> and <tt>LabeledExpand</tt> is defined based on them as f ollows:</t>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
suite_id = concat( suite_id = concat(
"HPKE", "HPKE",
I2OSP(kem_id, 2), I2OSP(kem_id, 2),
I2OSP(kdf_id, 2), I2OSP(kdf_id, 2),
I2OSP(aead_id, 2) I2OSP(aead_id, 2)
) )
]]></sourcecode> ]]></artwork>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
default_psk = "" default_psk = ""
default_psk_id = "" default_psk_id = ""
def VerifyPSKInputs(mode, psk, psk_id): def VerifyPSKInputs(mode, psk, psk_id):
got_psk = (psk != default_psk) got_psk = (psk != default_psk)
got_psk_id = (psk_id != default_psk_id) got_psk_id = (psk_id != default_psk_id)
if got_psk != got_psk_id: if got_psk != got_psk_id:
raise Exception("Inconsistent PSK inputs") raise Exception("Inconsistent PSK inputs")
if got_psk and (mode in [mode_base, mode_auth]): if got_psk and (mode in [mode_base, mode_auth]):
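Review bot: The key schedule inputs (mode, shared_secret, info, psk, psk_id) are a `<ul>` in the right-hand column with each term joined to its description by " - ", where the left-hand column has a `<dl>` with `<dt>`/`<dd>` pairs. These are terms being defined, so the `<dl>` form should stay. In the paragraph just below the list, the right-hand column also drops `<bcp14>` from both MUSTs that require psk and psk_id to appear together, which is the rule VerifyPSKInputs() enforces; keep that markup as well.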
skipping to change at line 578 skipping to change at line 517
secret = LabeledExtract(shared_secret, "secret", psk) secret = LabeledExtract(shared_secret, "secret", psk)
key = LabeledExpand(secret, "key", key_schedule_context, Nk) key = LabeledExpand(secret, "key", key_schedule_context, Nk)
base_nonce = LabeledExpand(secret, "base_nonce", base_nonce = LabeledExpand(secret, "base_nonce",
key_schedule_context, Nn) key_schedule_context, Nn)
exporter_secret = LabeledExpand(secret, "exp", exporter_secret = LabeledExpand(secret, "exp",
key_schedule_context, Nh) key_schedule_context, Nh)
return Context<ROLE>(key, base_nonce, 0, exporter_secret) return Context<ROLE>(key, base_nonce, 0, exporter_secret)
]]></sourcecode> ]]></artwork>
<t>The <tt>ROLE</tt> template parameter is either S or R, depending on t he role of <t>The <tt>ROLE</tt> template parameter is either S or R, depending on t he role of
sender or recipient, respectively. See <xref target="hpke-dem" format="default"/ > for a discussion of the sender or recipient, respectively. See <xref target="hpke-dem" format="default"/ > for a discussion of the
key schedule output, including the role-specific <tt>Context</tt> structure and its API.</t> key schedule output, including the role-specific <tt>Context</tt> structure and its API.</t>
<t>Note that the <tt>key_schedule_context</tt> construction in <tt>KeySc hedule()</tt> is <t>Note that the <tt>key_schedule_context</tt> construction in <tt>KeySc hedule()</tt> is
equivalent to serializing a structure of the following form in the TLS presentat ion equivalent to serializing a structure of the following form in the TLS presentat ion
syntax:</t> syntax:</t>
<sourcecode name="" type="tls-presentation"><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
struct { struct {
uint8 mode; uint8 mode;
opaque psk_id_hash[Nh]; opaque psk_id_hash[Nh];
opaque info_hash[Nh]; opaque info_hash[Nh];
} KeyScheduleContext; } KeyScheduleContext;
]]></sourcecode> ]]></artwork>
<section anchor="hpke-kem" numbered="true" toc="default"> <section anchor="hpke-kem" numbered="true" toc="default">
<name>Encryption to a Public Key</name> <name>Encryption to a Public Key</name>
<t>The most basic function of an HPKE scheme is to enable encryption <t>The most basic function of an HPKE scheme is to enable encryption
to the holder of a given KEM private key. The <tt>SetupBaseS()</tt> and to the holder of a given KEM private key. The <tt>SetupBaseS()</tt> and
<tt>SetupBaseR()</tt> procedures establish contexts that can be used to <tt>SetupBaseR()</tt> procedures establish contexts that can be used to
encrypt and decrypt, respectively, for a given private key.</t> encrypt and decrypt, respectively, for a given private key.</t>
<t>The KEM shared secret is combined via the KDF <t>The KEM shared secret is combined via the KDF
with information describing the key exchange, as well as the with information describing the key exchange, as well as the
explicit <tt>info</tt> parameter provided by the caller.</t> explicit <tt>info</tt> parameter provided by the caller.</t>
<t>The parameter <tt>pkR</tt> is a public key, and <tt>enc</tt> is an encapsulated <t>The parameter <tt>pkR</tt> is a public key, and <tt>enc</tt> is an encapsulated
KEM shared secret.</t> KEM shared secret.</t>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
def SetupBaseS(pkR, info): def SetupBaseS(pkR, info):
shared_secret, enc = Encap(pkR) shared_secret, enc = Encap(pkR)
return enc, KeyScheduleS(mode_base, shared_secret, info, return enc, KeyScheduleS(mode_base, shared_secret, info,
default_psk, default_psk_id) default_psk, default_psk_id)
def SetupBaseR(enc, skR, info): def SetupBaseR(enc, skR, info):
shared_secret = Decap(enc, skR) shared_secret = Decap(enc, skR)
return KeyScheduleR(mode_base, shared_secret, info, return KeyScheduleR(mode_base, shared_secret, info,
default_psk, default_psk_id) default_psk, default_psk_id)
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="mode-psk" numbered="true" toc="default"> <section anchor="mode-psk" numbered="true" toc="default">
<name>Authentication Using a Pre-Shared Key</name> <name>Authentication Using a Pre-Shared Key</name>
<t>This variant extends the base mechanism by allowing the recipient t o <t>This variant extends the base mechanism by allowing the recipient t o
authenticate that the sender possessed a given PSK. The PSK also authenticate that the sender possessed a given PSK. The PSK also
improves confidentiality guarantees in certain adversary models, as improves confidentiality guarantees in certain adversary models, as
described in more detail in <xref target="sec-properties" format="default"/>. We assume that both described in more detail in <xref target="sec-properties" format="default"/>. We assume that both
parties have been provisioned with both the PSK value <tt>psk</tt> and another parties have been provisioned with both the PSK value <tt>psk</tt> and another
byte string <tt>psk_id</tt> that is used to identify which PSK should be used.</ t> byte string <tt>psk_id</tt> that is used to identify which PSK should be used.</ t>
<t>The primary difference from the base case is that the <tt>psk</tt> and <tt>psk_id</tt> values <t>The primary difference from the base case is that the <tt>psk</tt> and <tt>psk_id</tt> values
are used as <tt>ikm</tt> inputs to the KDF (instead of using the empty string).< /t> are used as <tt>ikm</tt> inputs to the KDF (instead of using the empty string).< /t>
<t>The PSK <bcp14>MUST</bcp14> have at least 32 bytes of entropy and < bcp14>SHOULD</bcp14> be of length <tt>Nh</tt> <t>The PSK MUST have at least 32 bytes of entropy and SHOULD be of len gth <tt>Nh</tt>
bytes or longer. See <xref target="security-psk" format="default"/> for a more d etailed discussion.</t> bytes or longer. See <xref target="security-psk" format="default"/> for a more d etailed discussion.</t>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
def SetupPSKS(pkR, info, psk, psk_id): def SetupPSKS(pkR, info, psk, psk_id):
shared_secret, enc = Encap(pkR) shared_secret, enc = Encap(pkR)
return enc, KeyScheduleS(mode_psk, shared_secret, info, psk, psk_id) return enc, KeyScheduleS(mode_psk, shared_secret, info, psk, psk_id)
def SetupPSKR(enc, skR, info, psk, psk_id): def SetupPSKR(enc, skR, info, psk, psk_id):
shared_secret = Decap(enc, skR) shared_secret = Decap(enc, skR)
return KeyScheduleR(mode_psk, shared_secret, info, psk, psk_id) return KeyScheduleR(mode_psk, shared_secret, info, psk, psk_id)
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="mode-auth" numbered="true" toc="default"> <section anchor="mode-auth" numbered="true" toc="default">
<name>Authentication Using an Asymmetric Key</name> <name>Authentication Using an Asymmetric Key</name>
<t>This variant extends the base mechanism by allowing the recipient <t>This variant extends the base mechanism by allowing the recipient
to authenticate that the sender possessed a given KEM private key. to authenticate that the sender possessed a given KEM private key.
This is because <tt>AuthDecap(enc, skR, pkS)</tt> produces the correct KEM This is because <tt>AuthDecap(enc, skR, pkS)</tt> produces the correct KEM
shared secret only if the encapsulated value <tt>enc</tt> was produced by shared secret only if the encapsulated value <tt>enc</tt> was produced by
<tt>AuthEncap(pkR, skS)</tt>, where <tt>skS</tt> is the private key correspondin g <tt>AuthEncap(pkR, skS)</tt>, where <tt>skS</tt> is the private key correspondin g
to <tt>pkS</tt>. In other words, at most two entities (precisely two in the cas e to <tt>pkS</tt>. In other words, at most two entities (precisely two, in the ca se
of DHKEM) could have produced this secret, so if the recipient is at most one, t hen of DHKEM) could have produced this secret, so if the recipient is at most one, t hen
the sender is the other with overwhelming probability.</t> the sender is the other with overwhelming probability.</t>
<t>The primary difference from the base case is that the calls to <t>The primary difference from the base case is that the calls to
<tt>Encap()</tt> and <tt>Decap()</tt> are replaced with calls to <tt>AuthEncap() </tt> and <tt>Encap()</tt> and <tt>Decap()</tt> are replaced with calls to <tt>AuthEncap() </tt> and
<tt>AuthDecap()</tt>, which add the sender public key to their internal <tt>AuthDecap()</tt>, which add the sender public key to their internal
context string. The function parameters <tt>pkR</tt> and <tt>pkS</tt> are context string. The function parameters <tt>pkR</tt> and <tt>pkS</tt> are
public keys, and <tt>enc</tt> is an encapsulated KEM shared secret.</t> public keys, and <tt>enc</tt> is an encapsulated KEM shared secret.</t>
<t>Obviously, this variant can only be used with a KEM that provides <t>Obviously, this variant can only be used with a KEM that provides
<tt>AuthEncap()</tt> and <tt>AuthDecap()</tt> procedures.</t> <tt>AuthEncap()</tt> and <tt>AuthDecap()</tt> procedures.</t>
<t>This mechanism authenticates only the key pair of the sender, not <t>This mechanism authenticates only the key pair of the sender, not
any other identifier. If an application wishes to bind HPKE any other identifier. If an application wishes to bind HPKE
ciphertexts or exported secrets to another identity for the sender ciphertexts or exported secrets to another identity for the sender
(e.g., an email address or domain name), then this identifier should be (e.g., an email address or domain name), then this identifier should be
included in the <tt>info</tt> parameter to avoid identity misbinding issues <xre f target="IMB" format="default"/>.</t> included in the <tt>info</tt> parameter to avoid identity misbinding issues <xre f target="IMB" format="default"/>.</t>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
def SetupAuthS(pkR, info, skS): def SetupAuthS(pkR, info, skS):
shared_secret, enc = AuthEncap(pkR, skS) shared_secret, enc = AuthEncap(pkR, skS)
return enc, KeyScheduleS(mode_auth, shared_secret, info, return enc, KeyScheduleS(mode_auth, shared_secret, info,
default_psk, default_psk_id) default_psk, default_psk_id)
def SetupAuthR(enc, skR, info, pkS): def SetupAuthR(enc, skR, info, pkS):
shared_secret = AuthDecap(enc, skR, pkS) shared_secret = AuthDecap(enc, skR, pkS)
return KeyScheduleR(mode_auth, shared_secret, info, return KeyScheduleR(mode_auth, shared_secret, info,
default_psk, default_psk_id) default_psk, default_psk_id)
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="mode-auth-psk" numbered="true" toc="default"> <section anchor="mode-auth-psk" numbered="true" toc="default">
<name>Authentication Using Both a PSK and an Asymmetric Key</name> <name>Authentication Using Both a PSK and an Asymmetric Key</name>
<t>This mode is a straightforward combination of the PSK and <t>This mode is a straightforward combination of the PSK and authentic
authenticated modes. The PSK is passed through to the key schedule, ated modes.
as in the former, and we use the authenticated KEM Like the PSK mode, a PSK is provided as input to the key schedule, and like the
variants, as in the latter.</t> authenticated mode, authenticated KEM variants are used.</t>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
def SetupAuthPSKS(pkR, info, psk, psk_id, skS): def SetupAuthPSKS(pkR, info, psk, psk_id, skS):
shared_secret, enc = AuthEncap(pkR, skS) shared_secret, enc = AuthEncap(pkR, skS)
return enc, KeyScheduleS(mode_auth_psk, shared_secret, info, return enc, KeyScheduleS(mode_auth_psk, shared_secret, info,
psk, psk_id) psk, psk_id)
def SetupAuthPSKR(enc, skR, info, psk, psk_id, pkS): def SetupAuthPSKR(enc, skR, info, psk, psk_id, pkS):
shared_secret = AuthDecap(enc, skR, pkS) shared_secret = AuthDecap(enc, skR, pkS)
return KeyScheduleR(mode_auth_psk, shared_secret, info, return KeyScheduleR(mode_auth_psk, shared_secret, info,
psk, psk_id) psk, psk_id)
]]></sourcecode> ]]></artwork>
<t>The PSK <bcp14>MUST</bcp14> have at least 32 bytes of entropy and < <t>The PSK MUST have at least 32 bytes of entropy and SHOULD be of len
bcp14>SHOULD</bcp14> be of length <tt>Nh</tt> gth <tt>Nh</tt>
bytes or longer. See <xref target="security-psk" format="default"/> for a more d etailed discussion.</t> bytes or longer. See <xref target="security-psk" format="default"/> for a more d etailed discussion.</t>
</section> </section>
</section> </section>
<section anchor="hpke-dem" numbered="true" toc="default"> <section anchor="hpke-dem" numbered="true" toc="default">
<name>Encryption and Decryption</name> <name>Encryption and Decryption</name>
<t>HPKE allows multiple encryption operations to be done based on a <t>HPKE allows multiple encryption operations to be done based on a
given setup transaction. Since the public-key operations involved given setup transaction. Since the public key operations involved
in setup are typically more expensive than symmetric encryption or in setup are typically more expensive than symmetric encryption or
decryption, this allows applications to amortize the cost of the decryption, this allows applications to amortize the cost of the
public-key operations, reducing the overall overhead.</t> public key operations, reducing the overall overhead.</t>
<t>However, in order to avoid nonce reuse, this encryption must be <t>In order to avoid nonce reuse, however, this encryption must be
stateful. Each of the setup procedures above produces a role-specific stateful. Each of the setup procedures above produces a role-specific
context object that stores the AEAD and Secret Export parameters. context object that stores the AEAD and secret export parameters.
The AEAD parameters consist of:</t> The AEAD parameters consist of:</t>
<ul spacing="normal"> <ul spacing="normal">
<li>the AEAD algorithm in use,</li> <li>The AEAD algorithm in use</li>
<li>a secret <tt>key</tt>,</li> <li>A secret <tt>key</tt></li>
<li>a base nonce <tt>base_nonce</tt>, and</li> <li>A base nonce <tt>base_nonce</tt></li>
<li>a sequence number (initially 0).</li> <li>A sequence number (initially 0)</li>
</ul> </ul>
<t>The Secret Export parameters consist of:</t> <t>The secret export parameters consist of:</t>
<ul spacing="normal"> <ul spacing="normal">
<li>the HPKE ciphersuite in use and</li> <li>The HPKE ciphersuite in use and</li>
<li>an <tt>exporter_secret</tt> used for the Secret Export interface ( <li>An <tt>exporter_secret</tt> used for the secret export interface (
see see
<xref target="hpke-export" format="default"/>).</li> <xref target="hpke-export" format="default"/>)</li>
</ul> </ul>
<t>All these parameters, except the AEAD sequence number, are constant. <t>All these parameters except the AEAD sequence number are constant.
The sequence number provides nonce uniqueness: The nonce used for The sequence number provides nonce uniqueness: The nonce used for
each encryption or decryption operation is the result of XORing each encryption or decryption operation is the result of XORing
<tt>base_nonce</tt> with the current sequence number, encoded as a big-endian <tt>base_nonce</tt> with the current sequence number, encoded as a big-endian
integer of the same length as <tt>base_nonce</tt>. Implementations <bcp14>MAY</b cp14> use a integer of the same length as <tt>base_nonce</tt>. Implementations MAY use a
sequence number that is shorter than the nonce length (padding on the left sequence number that is shorter than the nonce length (padding on the left
with zero) but <bcp14>MUST</bcp14> raise an error if the sequence number overflo ws. The AEAD with zero), but MUST raise an error if the sequence number overflows. The AEAD
algorithm produces ciphertext that is Nt bytes longer than the plaintext. algorithm produces ciphertext that is Nt bytes longer than the plaintext.
Nt = 16 for AEAD algorithms defined in this document.</t> Nt = 16 for AEAD algorithms defined in this document.</t>
<t>Encryption is unidirectional from the sender to the recipient. The se nder's <t>Encryption is unidirectional from sender to recipient. The sender's
context can encrypt a plaintext <tt>pt</tt> with associated data <tt>aad</tt> as context can encrypt a plaintext <tt>pt</tt> with associated data <tt>aad</tt> as
follows:</t> follows:</t>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
def ContextS.Seal(aad, pt): def ContextS.Seal(aad, pt):
ct = Seal(self.key, self.ComputeNonce(self.seq), aad, pt) ct = Seal(self.key, self.ComputeNonce(self.seq), aad, pt)
self.IncrementSeq() self.IncrementSeq()
return ct return ct
]]></sourcecode> ]]></artwork>
<t>The recipient's context can decrypt a ciphertext <tt>ct</tt> with ass ociated <t>The recipient's context can decrypt a ciphertext <tt>ct</tt> with ass ociated
data <tt>aad</tt> as follows:</t> data <tt>aad</tt> as follows:</t>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
def ContextR.Open(aad, ct): def ContextR.Open(aad, ct):
pt = Open(self.key, self.ComputeNonce(self.seq), aad, ct) pt = Open(self.key, self.ComputeNonce(self.seq), aad, ct)
if pt == OpenError: if pt == OpenError:
raise OpenError raise OpenError
self.IncrementSeq() self.IncrementSeq()
return pt return pt
]]></sourcecode> ]]></artwork>
<t>Each encryption or decryption operation increments the sequence numbe r for <t>Each encryption or decryption operation increments the sequence numbe r for
the context in use. The per-message nonce and sequence number increment the context in use. The per-message nonce and sequence number increment
details are as follows:</t> details are as follows:</t>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
def Context<ROLE>.ComputeNonce(seq): def Context<ROLE>.ComputeNonce(seq):
seq_bytes = I2OSP(seq, Nn) seq_bytes = I2OSP(seq, Nn)
return xor(self.base_nonce, seq_bytes) return xor(self.base_nonce, seq_bytes)
def Context<ROLE>.IncrementSeq(): def Context<ROLE>.IncrementSeq():
if self.seq >= (1 << (8*Nn)) - 1: if self.seq >= (1 << (8*Nn)) - 1:
raise MessageLimitReachedError raise MessageLimitReachedError
self.seq += 1 self.seq += 1
]]></sourcecode> ]]></artwork>
<t>The sender's context <bcp14>MUST NOT</bcp14> be used for decryption. <t>The sender's context MUST NOT be used for decryption. Similarly, the
Similarly, the recipient's recipient's
context <bcp14>MUST NOT</bcp14> be used for encryption. Higher-level protocols r context MUST NOT be used for encryption. Higher-level protocols reusing the HPKE
eusing the HPKE
key exchange for more general purposes can derive separate keying material as key exchange for more general purposes can derive separate keying material as
needed, using use the Secret Export interface; see Sections <xref target="hpke-e xport" format="counter"/> and <xref target="bidirectional" format="counter"/> needed using use the secret export interface; see <xref target="hpke-export" for mat="default"/> and <xref target="bidirectional" format="default"/>
for more details.</t> for more details.</t>
<t>It is up to the application to ensure that encryptions and decryption s are <t>It is up to the application to ensure that encryptions and decryption s are
done in the proper sequence so that encryption and decryption nonces align. done in the proper sequence, so that encryption and decryption nonces align.
If <tt>ContextS.Seal()</tt> or <tt>ContextR.Open()</tt> would cause the <tt>seq< /tt> field to If <tt>ContextS.Seal()</tt> or <tt>ContextR.Open()</tt> would cause the <tt>seq< /tt> field to
overflow, then the implementation <bcp14>MUST</bcp14> fail with an error. (In th e pseudocode overflow, then the implementation MUST fail with an error. (In the pseudocode
below, <tt>Context&lt;ROLE&gt;.IncrementSeq()</tt> fails with an error when <tt> seq</tt> overflows, below, <tt>Context&lt;ROLE&gt;.IncrementSeq()</tt> fails with an error when <tt> seq</tt> overflows,
which causes <tt>ContextS.Seal()</tt> and <tt>ContextR.Open()</tt> to fail accor dingly.) which causes <tt>ContextS.Seal()</tt> and <tt>ContextR.Open()</tt> to fail accor dingly.)
Note that the internal <tt>Seal()</tt> and <tt>Open()</tt> calls inside correspo nd to the Note that the internal <tt>Seal()</tt> and <tt>Open()</tt> calls inside correspo nd to the
context's AEAD algorithm.</t> context's AEAD algorithm.</t>
</section> </section>
<section anchor="hpke-export" numbered="true" toc="default"> <section anchor="hpke-export" numbered="true" toc="default">
<name>Secret Export</name> <name>Secret Export</name>
<t>HPKE provides an interface for exporting secrets from the encryption context <t>HPKE provides an interface for exporting secrets from the encryption context
using a variable-length pseudorandom function (PRF), similar to the TLS 1.3 expo rter interface using a variable-length pseudorandom function (PRF), similar to the TLS 1.3 expo rter interface
(see <xref target="RFC8446" section="7.5" sectionFormat="comma" format="default" (see <xref target="RFC8446" format="default"/>, Section 7.5). This interface tak
/>). This interface takes as input a context es as input a context
string <tt>exporter_context</tt> and a desired length <tt>L</tt> in bytes and pr string <tt>exporter_context</tt> and a desired length <tt>L</tt> in bytes, and p
oduces roduces
a secret derived from the internal exporter secret using the corresponding a secret derived from the internal exporter secret using the corresponding
KDF Expand function. For the KDFs defined in this specification, <tt>L</tt> has KDF Expand function. For the KDFs defined in this specification, <tt>L</tt> has
a maximum value of <tt>255*Nh</tt>. Future specifications that define new KDFs a maximum value of <tt>255*Nh</tt>. Future specifications that define new KDFs
<bcp14>MUST</bcp14> specify a bound for <tt>L</tt>.</t> MUST specify a bound for <tt>L</tt>.</t>
<t>The <tt>exporter_context</tt> field has a maximum length that depends on the KDF <t>The <tt>exporter_context</tt> field has a maximum length that depends on the KDF
itself, on the definition of <tt>LabeledExpand()</tt>, and on the constant label s itself, on the definition of <tt>LabeledExpand()</tt>, and on the constant label s
used together with them. See <xref target="kdf-input-length" format="default"/> for precise limits on this used together with them. See <xref target="kdf-input-length" format="default"/> for precise limits on this
length.</t> length.</t>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
def Context.Export(exporter_context, L): def Context.Export(exporter_context, L):
return LabeledExpand(self.exporter_secret, "sec", return LabeledExpand(self.exporter_secret, "sec",
exporter_context, L) exporter_context, L)
]]></sourcecode> ]]></artwork>
<t>Applications that do not use the encryption API in <xref target="hpke -dem" format="default"/> can use <t>Applications that do not use the encryption API in <xref target="hpke -dem" format="default"/> can use
the export-only AEAD ID <tt>0xFFFF</tt> when computing the key schedule. Such the export-only AEAD ID <tt>0xFFFF</tt> when computing the key schedule. Such
applications can avoid computing the <tt>key</tt> and <tt>base_nonce</tt> values in the applications can avoid computing the <tt>key</tt> and <tt>base_nonce</tt> values in the
key schedule, as they are not used by the Export interface described above.</t> key schedule, as they are not used by the Export interface described above.</t>
</section> </section>
</section> </section>
<section anchor="single-shot-apis" numbered="true" toc="default"> <section anchor="single-shot-apis" numbered="true" toc="default">
<name>Single-Shot APIs</name> <name>Single-Shot APIs</name>
<section anchor="single-shot-encryption" numbered="true" toc="default"> <section anchor="single-shot-encryption" numbered="true" toc="default">
<name>Encryption and Decryption</name> <name>Encryption and Decryption</name>
<t>In many cases, applications encrypt only a single message to a recipi ent's public key. <t>In many cases, applications encrypt only a single message to a recipi ent's public key.
This section provides templates for HPKE APIs that implement stateless "single-s hot" This section provides templates for HPKE APIs that implement stateless "single-s hot"
encryption and decryption using APIs specified in Sections <xref target="hpke-ke encryption and decryption using APIs specified in <xref target="hpke-kem" format
m" format="counter"/> and <xref target="hpke-dem" format="counter"/>:</t> ="default"/> and <xref target="hpke-dem" format="default"/>:</t>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
def Seal<MODE>(pkR, info, aad, pt, ...): def Seal<MODE>(pkR, info, aad, pt, ...):
enc, ctx = Setup<MODE>S(pkR, info, ...) enc, ctx = Setup<MODE>S(pkR, info, ...)
ct = ctx.Seal(aad, pt) ct = ctx.Seal(aad, pt)
return enc, ct return enc, ct
def Open<MODE>(enc, skR, info, aad, ct, ...): def Open<MODE>(enc, skR, info, aad, ct, ...):
ctx = Setup<MODE>R(enc, skR, info, ...) ctx = Setup<MODE>R(enc, skR, info, ...)
return ctx.Open(aad, ct) return ctx.Open(aad, ct)
]]></sourcecode> ]]></artwork>
<t>The <tt>MODE</tt> template parameter is one of Base, PSK, Auth, or Au thPSK. The optional parameters <t>The <tt>MODE</tt> template parameter is one of Base, PSK, Auth, or Au thPSK. The optional parameters
indicated by "..." depend on <tt>MODE</tt> and may be empty. For example, <tt>Se tupBase()</tt> has no indicated by "..." depend on <tt>MODE</tt> and may be empty. For example, <tt>Se tupBase()</tt> has no
additional parameters. <tt>SealAuthPSK()</tt> and <tt>OpenAuthPSK()</tt> would b e implemented as follows:</t> additional parameters. <tt>SealAuthPSK()</tt> and <tt>OpenAuthPSK()</tt> would b e implemented as follows:</t>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
def SealAuthPSK(pkR, info, aad, pt, psk, psk_id, skS): def SealAuthPSK(pkR, info, aad, pt, psk, psk_id, skS):
enc, ctx = SetupAuthPSKS(pkR, info, psk, psk_id, skS) enc, ctx = SetupAuthPSKS(pkR, info, psk, psk_id, skS)
ct = ctx.Seal(aad, pt) ct = ctx.Seal(aad, pt)
return enc, ct return enc, ct
def OpenAuthPSK(enc, skR, info, aad, ct, psk, psk_id, pkS): def OpenAuthPSK(enc, skR, info, aad, ct, psk, psk_id, pkS):
ctx = SetupAuthPSKR(enc, skR, info, psk, psk_id, pkS) ctx = SetupAuthPSKR(enc, skR, info, psk, psk_id, pkS)
return ctx.Open(aad, ct) return ctx.Open(aad, ct)
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="secret-export" numbered="true" toc="default"> <section anchor="secret-export" numbered="true" toc="default">
<name>Secret Export</name> <name>Secret Export</name>
<t>Applications may also want to derive a secret known only to a given r ecipient. <t>Applications may also want to derive a secret known only to a given r ecipient.
This section provides templates for HPKE APIs that implement stateless This section provides templates for HPKE APIs that implement stateless
"single-shot" secret export using APIs specified in <xref target="hpke-export" f ormat="default"/>:</t> "single-shot" secret export using APIs specified in <xref target="hpke-export" f ormat="default"/>:</t>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
def SendExport<MODE>(pkR, info, exporter_context, L, ...): def SendExport<MODE>(pkR, info, exporter_context, L, ...):
enc, ctx = Setup<MODE>S(pkR, info, ...) enc, ctx = Setup<MODE>S(pkR, info, ...)
exported = ctx.Export(exporter_context, L) exported = ctx.Export(exporter_context, L)
return enc, exported return enc, exported
def ReceiveExport<MODE>(enc, skR, info, exporter_context, L, ...): def ReceiveExport<MODE>(enc, skR, info, exporter_context, L, ...):
ctx = Setup<MODE>R(enc, skR, info, ...) ctx = Setup<MODE>R(enc, skR, info, ...)
return ctx.Export(exporter_context, L) return ctx.Export(exporter_context, L)
]]></sourcecode> ]]></artwork>
<t>As in <xref target="single-shot-encryption" format="default"/>, the < tt>MODE</tt> template parameter is one of Base, PSK, <t>As in <xref target="single-shot-encryption" format="default"/>, the < tt>MODE</tt> template parameter is one of Base, PSK,
Auth, or AuthPSK. The optional parameters indicated by "..." depend on <tt>MODE< /tt> and may Auth, or AuthPSK. The optional parameters indicated by "..." depend on <tt>MODE< /tt> and may
be empty.</t> be empty.</t>
</section> </section>
</section> </section>
<section anchor="ciphersuites" numbered="true" toc="default"> <section anchor="ciphersuites" numbered="true" toc="default">
<name>Algorithm Identifiers</name> <name>Algorithm Identifiers</name>
<t>This section lists algorithm identifiers suitable for different HPKE co nfigurations. <t>This section lists algorithm identifiers suitable for different HPKE co nfigurations.
Future specifications may introduce new KEM, KDF, and AEAD algorithm identifiers Future specifications may introduce new KEM, KDF, and AEAD algorithm identifiers
and retain the security guarantees presented in this document, provided they adh and retain the security guarantees presented in this document provided they adhe
ere re
to the security requirements in Sections <xref target="kem-security" format="cou to the security requirements in <xref target="kem-security" format="default"/>,
nter"/>, <xref target="kdf-choice" format="counter"/>, and <xref target="aead-se <xref target="kdf-choice" format="default"/>, and <xref target="aead-security" f
curity" format="counter"/>, ormat="default"/>,
respectively.</t> respectively.</t>
<section anchor="kem-ids" numbered="true" toc="default"> <section anchor="kem-ids" numbered="true" toc="default">
<name>Key Encapsulation Mechanisms (KEMs)</name> <name>Key Encapsulation Mechanisms (KEMs)</name>
<table anchor="kemid-values" align="center"> <table anchor="kemid-values" align="center">
<name>KEM IDs</name> <name>KEM IDs</name>
<thead> <thead>
<tr> <tr>
<th align="left">Value</th> <th align="left">Value</th>
<th align="left">KEM</th> <th align="left">KEM</th>
<th align="left">Nsecret</th> <th align="left">Nsecret</th>
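Review bot: In the paragraph that begins "The sender's context", both columns still read "needed using use the secret export interface"; the stray "use" should be dropped whichever version is kept. The right-hand column also strips the <bcp14> wrappers from MAY, MUST and MUST NOT throughout this region, including the sequence-number overflow requirement and the rule that a sender's context is never used for decryption. It turns every <sourcecode> block back into <artwork> as well. The same column replaces the structured reference to RFC 8446 (section="7.5") with a literal ", Section 7.5", which loses the section link. Suggest keeping the left-hand markup and taking only the wording changes, so the normative keywords and pseudocode stay tagged in the v3 XML.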
skipping to change at line 922 skipping to change at line 860
</tr> </tr>
<tr> <tr>
<td align="left">0x0020</td> <td align="left">0x0020</td>
<td align="left">DHKEM(X25519, HKDF-SHA256)</td> <td align="left">DHKEM(X25519, HKDF-SHA256)</td>
<td align="left">32</td> <td align="left">32</td>
<td align="left">32</td> <td align="left">32</td>
<td align="left">32</td> <td align="left">32</td>
<td align="left">32</td> <td align="left">32</td>
<td align="left">yes</td> <td align="left">yes</td>
<td align="left"> <td align="left">
<xref target="RFC5869" format="default"/>, <xref target="RFC7748 " format="default"/></td> <xref target="RFC7748" format="default"/>, <xref target="RFC5869 " format="default"/></td>
</tr> </tr>
<tr> <tr>
<td align="left">0x0021</td> <td align="left">0x0021</td>
<td align="left">DHKEM(X448, HKDF-SHA512)</td> <td align="left">DHKEM(X448, HKDF-SHA512)</td>
<td align="left">64</td> <td align="left">64</td>
<td align="left">56</td> <td align="left">56</td>
<td align="left">56</td> <td align="left">56</td>
<td align="left">56</td> <td align="left">56</td>
<td align="left">yes</td> <td align="left">yes</td>
<td align="left"> <td align="left">
<xref target="RFC5869" format="default"/>, <xref target="RFC7748 " format="default"/></td> <xref target="RFC7748" format="default"/>, <xref target="RFC5869 " format="default"/></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
<t>The <tt>Auth</tt> column indicates if the KEM algorithm provides the <tt>AuthEncap()</tt>/<tt>AuthDecap()</tt> <t>The <tt>Auth</tt> column indicates if the KEM algorithm provides the <tt>AuthEncap()</tt>/<tt>AuthDecap()</tt>
interface and is therefore suitable for the Auth and AuthPSK modes. The meaning of all interface and is therefore suitable for the Auth and AuthPSK modes. The meaning of all
other columns is explained in <xref target="kem-template" format="default"/>. Al l algorithms are suitable for the other columns is explained in <xref target="kem-template" format="default"/>. Al l algorithms are suitable for the
PSK mode.</t> PSK mode.</t>
<section anchor="serializepublickey-and-deserializepublickey" numbered=" true" toc="default"> <section anchor="serializepublickey-and-deserializepublickey" numbered=" true" toc="default">
<name>SerializePublicKey and DeserializePublicKey</name> <name>SerializePublicKey and DeserializePublicKey</name>
<t>For P-256, P-384, and P-521, the <tt>SerializePublicKey()</tt> func tion of the <t>For P-256, P-384, and P-521, the <tt>SerializePublicKey()</tt> func tion of the
KEM performs the uncompressed elliptic-curve-point-to-octet-string KEM performs the uncompressed Elliptic-Curve-Point-to-Octet-String
conversion according to <xref target="SECG" format="default"/>. <tt>DeserializeP ublicKey()</tt> performs the conversion according to <xref target="SECG" format="default"/>. <tt>DeserializeP ublicKey()</tt> performs the
uncompressed octet-string-to-elliptic-curve-point conversion.</t> uncompressed Octet-String-to-Elliptic-Curve-Point conversion.</t>
<t>For X25519 and X448, the <tt>SerializePublicKey()</tt> and <tt>Dese rializePublicKey()</tt> <t>For X25519 and X448, the <tt>SerializePublicKey()</tt> and <tt>Dese rializePublicKey()</tt>
functions are the identity function, since these curves already use functions are the identity function, since these curves already use
fixed-length byte strings for public keys.</t> fixed-length byte strings for public keys.</t>
<t>Some deserialized public keys <bcp14>MUST</bcp14> be validated befo re they can be used. See <t>Some deserialized public keys MUST be validated before they can be used. See
<xref target="validation" format="default"/> for specifics.</t> <xref target="validation" format="default"/> for specifics.</t>
</section> </section>
<section anchor="serializeprivatekey" numbered="true" toc="default"> <section anchor="serializeprivatekey" numbered="true" toc="default">
<name>SerializePrivateKey and DeserializePrivateKey</name> <name>SerializePrivateKey and DeserializePrivateKey</name>
<t>As per <xref target="SECG" format="default"/>, P-256, P-384, and P- 521 private keys are field elements in the <t>As per <xref target="SECG" format="default"/>, P-256, P-384, and P- 521 private keys are field elements in the
scalar field of the curve being used. For this section, and for scalar field of the curve being used. For this section, and for
<xref target="derive-key-pair" format="default"/>, it is assumed that implemente rs of ECDH over these curves <xref target="derive-key-pair" format="default"/>, it is assumed that implemento rs of ECDH over these curves
use an integer representation of private keys that is compatible with the use an integer representation of private keys that is compatible with the
<tt>OS2IP()</tt> function.</t> <tt>OS2IP()</tt> function.</t>
<t>For P-256, P-384, and P-521, the <tt>SerializePrivateKey()</tt> fun ction of the KEM <t>For P-256, P-384, and P-521, the <tt>SerializePrivateKey()</tt> fun ction of the KEM
performs the field-element-to-octet-string conversion according to <xref target= "SECG" format="default"/>. If performs the Field-Element-to-Octet-String conversion according to <xref target= "SECG" format="default"/>. If
the private key is an integer outside the range <tt>[0, order-1]</tt>, where <tt >order</tt> the private key is an integer outside the range <tt>[0, order-1]</tt>, where <tt >order</tt>
is the order of the curve being used, the private key <bcp14>MUST</bcp14> be red uced to its is the order of the curve being used, the private key MUST be reduced to its
representative in <tt>[0, order-1]</tt> before being serialized. representative in <tt>[0, order-1]</tt> before being serialized.
<tt>DeserializePrivateKey()</tt> performs the octet-string-to-field-element conv ersion <tt>DeserializePrivateKey()</tt> performs the Octet-String-to-Field-Element conv ersion
according to <xref target="SECG" format="default"/>.</t> according to <xref target="SECG" format="default"/>.</t>
<t>For X25519 and X448, private keys are identical to their byte strin g <t>For X25519 and X448, private keys are identical to their byte strin g
representation, so little processing has to be done. The representation, so little processing has to be done. The
<tt>SerializePrivateKey()</tt> function <bcp14>MUST</bcp14> clamp its output and <tt>SerializePrivateKey()</tt> function MUST clamp its output and the
the <tt>DeserializePrivateKey()</tt> function MUST clamp its input, where <em>clampi
<tt>DeserializePrivateKey()</tt> function <bcp14>MUST</bcp14> clamp its input, w ng</em> refers to the
here <em>clamping</em> refers to the
bitwise operations performed on <tt>k</tt> in the <tt>decodeScalar25519()</tt> a nd bitwise operations performed on <tt>k</tt> in the <tt>decodeScalar25519()</tt> a nd
<tt>decodeScalar448()</tt> functions defined in <xref target="RFC7748" section=" <tt>decodeScalar448()</tt> functions defined in Section 5 of <xref target="RFC77
5" sectionFormat="of" format="default"/>.</t> 48" format="default"/>.</t>
<t>To catch invalid keys early on, implementers of DHKEMs <bcp14>SHOUL <t>To catch invalid keys early on, implementors of DHKEMs SHOULD check
D</bcp14> check that that
deserialized private keys are not equivalent to 0 (mod <tt>order</tt>), where <t t>order</tt> deserialized private keys are not equivalent to 0 (mod <tt>order</tt>), where <t t>order</tt>
is the order of the DH group. Note that this property is trivially true for X255 19 is the order of the DH group. Note that this property is trivially true for X255 19
and X448 groups, since clamped values can never be 0 (mod <tt>order</tt>).</t> and X448 groups, since clamped values can never be 0 (mod <tt>order</tt>).</t>
</section> </section>
<section anchor="derive-key-pair" numbered="true" toc="default"> <section anchor="derive-key-pair" numbered="true" toc="default">
<name>DeriveKeyPair</name> <name>DeriveKeyPair</name>
<t>The keys that <tt>DeriveKeyPair()</tt> produces have only as much e ntropy as the provided <t>The keys that <tt>DeriveKeyPair()</tt> produces have only as much e ntropy as the provided
input keying material. For a given KEM, the <tt>ikm</tt> parameter given to <tt> input keying material. For a given KEM, the <tt>ikm</tt> parameter given to <tt>
DeriveKeyPair()</tt> <bcp14>SHOULD</bcp14> DeriveKeyPair()</tt> SHOULD
have a length of at least <tt>Nsk</tt> and <bcp14>SHOULD</bcp14> have at least < have length at least <tt>Nsk</tt>, and SHOULD have at least <tt>Nsk</tt> bytes o
tt>Nsk</tt> bytes of entropy.</t> f entropy.</t>
<t>All invocations of KDF functions (such as <tt>LabeledExtract</tt> o r <tt>LabeledExpand</tt>) in any <t>All invocations of KDF functions (such as <tt>LabeledExtract</tt> o r <tt>LabeledExpand</tt>) in any
DHKEM's <tt>DeriveKeyPair()</tt> function use the DHKEM's associated KDF (as opp osed to DHKEM's <tt>DeriveKeyPair()</tt> function use the DHKEM's associated KDF (as opp osed to
the ciphersuite's KDF).</t> the ciphersuite's KDF).</t>
<t>For P-256, P-384, and P-521, the <tt>DeriveKeyPair()</tt> function of the KEM performs <t>For P-256, P-384, and P-521, the <tt>DeriveKeyPair()</tt> function of the KEM performs
rejection sampling over field elements:</t> rejection sampling over field elements:</t>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
def DeriveKeyPair(ikm): def DeriveKeyPair(ikm):
dkp_prk = LabeledExtract("", "dkp_prk", ikm) dkp_prk = LabeledExtract("", "dkp_prk", ikm)
sk = 0 sk = 0
counter = 0 counter = 0
while sk == 0 or sk >= order: while sk == 0 or sk >= order:
if counter > 255: if counter > 255:
raise DeriveKeyPairError raise DeriveKeyPairError
bytes = LabeledExpand(dkp_prk, "candidate", bytes = LabeledExpand(dkp_prk, "candidate",
I2OSP(counter, 1), Nsk) I2OSP(counter, 1), Nsk)
bytes[0] = bytes[0] & bitmask bytes[0] = bytes[0] & bitmask
sk = OS2IP(bytes) sk = OS2IP(bytes)
counter = counter + 1 counter = counter + 1
return (sk, pk(sk)) return (sk, pk(sk))
]]></sourcecode> ]]></artwork>
<t><tt>order</tt> is the order of the curve being used (see Section D. <t><tt>order</tt> is the order of the curve being used (see Section D.
1.2 of <xref target="NISTCurves" format="default"/>) and 1.2 of <xref target="NISTCurves" format="default"/>), and
is listed below for completeness.</t> is listed below for completeness.</t>
<dl newline="true" spacing="normal"> <artwork name="" type="" align="left" alt=""><![CDATA[
<dt>P-256:</dt> <dd>0xffffffff00000000ffffffffffffffffbce6faad P-256:
a7179e84f3b9cac2fc632551</dd> 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
<dt>P-384:</dt> <dd>0xfffffffffffffffffffffffffffffffffffffffffffffff
fc7634d81f4372ddf581a0db248b0a77aecec196accc52973</dd> P-384:
<dt>P-521:</dt> <dd>0x01fffffffffffffffffffffffffffffffffffffffffffff 0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf
ffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e913 581a0db248b0a77aecec196accc52973
86409</dd>
</dl> P-521:
<t><tt>bitmask</tt> is defined to be 0xFF for P-256 and P-384 and 0x01 0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
for P-521. fa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409
]]></artwork>
<t><tt>bitmask</tt> is defined to be 0xFF for P-256 and P-384, and 0x0
1 for P-521.
The precise likelihood of <tt>DeriveKeyPair()</tt> failing with DeriveKeyPairErr or The precise likelihood of <tt>DeriveKeyPair()</tt> failing with DeriveKeyPairErr or
depends on the group being used, but it is negligibly small in all cases. depends on the group being used, but it is negligibly small in all cases.
See <xref target="api-errors" format="default"/> for information about dealing w ith such failures.</t> See <xref target="api-errors" format="default"/> for information about dealing w ith such failures.</t>
<t>For X25519 and X448, the <tt>DeriveKeyPair()</tt> function applies a KDF to the input:</t> <t>For X25519 and X448, the <tt>DeriveKeyPair()</tt> function applies a KDF to the input:</t>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
def DeriveKeyPair(ikm): def DeriveKeyPair(ikm):
dkp_prk = LabeledExtract("", "dkp_prk", ikm) dkp_prk = LabeledExtract("", "dkp_prk", ikm)
sk = LabeledExpand(dkp_prk, "sk", "", Nsk) sk = LabeledExpand(dkp_prk, "sk", "", Nsk)
return (sk, pk(sk)) return (sk, pk(sk))
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="validation" numbered="true" toc="default"> <section anchor="validation" numbered="true" toc="default">
<name>Validation of Inputs and Outputs</name> <name>Validation of Inputs and Outputs</name>
<t>The following public keys are subject to validation if the group <t>The following public keys are subject to validation if the group
requires public key validation: the sender <bcp14>MUST</bcp14> validate the reci requires public key validation: the sender MUST validate the recipient's
pient's public key <tt>pkR</tt>; the recipient MUST validate the ephemeral public key
public key <tt>pkR</tt>; the recipient <bcp14>MUST</bcp14> validate the ephemera <tt>pkE</tt>; in authenticated modes, the recipient MUST validate the sender's
l public key
<tt>pkE</tt>; and, in authenticated modes, the recipient <bcp14>MUST</bcp14> val
idate the sender's
static public key <tt>pkS</tt>. Validation failure yields a <tt>ValidationError< /tt>.</t> static public key <tt>pkS</tt>. Validation failure yields a <tt>ValidationError< /tt>.</t>
<t>For P-256, P-384, and P-521, senders and recipients <bcp14>MUST</bc <t>For P-256, P-384 and P-521, senders and recipients MUST perform par
p14> perform partial tial
public-key validation on all public key inputs, as defined in Section 5.6.2.3.4 public key validation on all public key inputs, as defined in Section 5.6.2.3.4
of <xref target="keyagreement" format="default"/>. This includes checking that t of <xref target="keyagreement" format="default"/>. This includes checking that t
he coordinates are in the he coordinates are in the
correct range, that the point is on the curve, and that the point is not the correct range, that the point is on the curve, and that the point is not the
point at infinity. Additionally, senders and recipients <bcp14>MUST</bcp14> ensu re the point at infinity. Additionally, senders and recipients MUST ensure the
Diffie-Hellman shared secret is not the point at infinity.</t> Diffie-Hellman shared secret is not the point at infinity.</t>
<t>For X25519 and X448, public keys and Diffie-Hellman outputs <bcp14> <t>For X25519 and X448, public keys and Diffie-Hellman outputs MUST be
MUST</bcp14> be validated, validated
as described in <xref target="RFC7748" format="default"/>. In particular, recipi as described in <xref target="RFC7748" format="default"/>. In particular, recipi
ents <bcp14>MUST</bcp14> check whether ents MUST check whether
the Diffie-Hellman shared secret is the all-zero value and abort if so.</t> the Diffie-Hellman shared secret is the all-zero value and abort if so.</t>
</section> </section>
<section anchor="future-kems" numbered="true" toc="default"> <section anchor="future-kems" numbered="true" toc="default">
<name>Future KEMs</name> <name>Future KEMs</name>
<t><xref target="kem-security" format="default"/> lists security requi rements on a KEM used within HPKE.</t> <t><xref target="kem-security" format="default"/> lists security requi rements on a KEM used within HPKE.</t>
<t>The <tt>AuthEncap()</tt> and <tt>AuthDecap()</tt> functions are <bc p14>OPTIONAL</bcp14>. If a KEM algorithm <t>The <tt>AuthEncap()</tt> and <tt>AuthDecap()</tt> functions are OPT IONAL. If a KEM algorithm
does not provide them, only the Base and PSK modes of HPKE are supported. does not provide them, only the Base and PSK modes of HPKE are supported.
Future specifications that define new KEMs <bcp14>MUST</bcp14> indicate whether or not Future specifications that define new KEMs MUST indicate whether or not
Auth and AuthPSK modes are supported.</t> Auth and AuthPSK modes are supported.</t>
<t>A KEM algorithm may support different encoding algorithms with diff <t>A KEM algorithm may support different encoding algorithms, with dif
erent output ferent output
lengths for KEM public keys. Such KEM algorithms <bcp14>MUST</bcp14> specify onl lengths, for KEM public keys. Such KEM algorithms MUST specify only one encoding
y one encoding
algorithm whose output length is <tt>Npk</tt>.</t> algorithm whose output length is <tt>Npk</tt>.</t>
</section> </section>
</section> </section>
<section anchor="kdf-ids" numbered="true" toc="default"> <section anchor="kdf-ids" numbered="true" toc="default">
<name>Key Derivation Functions (KDFs)</name> <name>Key Derivation Functions (KDFs)</name>
<table anchor="kdfid-values" align="center"> <table anchor="kdfid-values" align="center">
<name>KDF IDs</name> <name>KDF IDs</name>
<thead> <thead>
<tr> <tr>
<th align="left">Value</th> <th align="left">Value</th>
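Review bot: The right-hand column drops the bcp14 element from every requirement keyword in this hunk: MUST on the all-zero Diffie-Hellman shared secret check, OPTIONAL on AuthEncap()/AuthDecap(), and MUST on both Future KEMs requirements (stating Auth/AuthPSK support, and specifying a single public key encoding of length Npk). Keep the bcp14 markup from the left-hand column so these stay marked as requirement keywords. The commas added on the right around "with different output lengths" turn that phrase into an aside; the unpunctuated left-hand wording reads more clearly as a description of the encodings.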
skipping to change at line 1098 skipping to change at line 1044
<xref target="RFC5869" format="default"/></td> <xref target="RFC5869" format="default"/></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
<section anchor="kdf-input-length" numbered="true" toc="default"> <section anchor="kdf-input-length" numbered="true" toc="default">
<name>Input Length Restrictions</name> <name>Input Length Restrictions</name>
<t>This document defines <tt>LabeledExtract()</tt> and <tt>LabeledExpa nd()</tt> based on the <t>This document defines <tt>LabeledExtract()</tt> and <tt>LabeledExpa nd()</tt> based on the
KDFs listed above. These functions add prefixes to their respective KDFs listed above. These functions add prefixes to their respective
inputs <tt>ikm</tt> and <tt>info</tt> before calling the KDF's <tt>Extract()</tt > and <tt>Expand()</tt> inputs <tt>ikm</tt> and <tt>info</tt> before calling the KDF's <tt>Extract()</tt > and <tt>Expand()</tt>
functions. This leads to a reduction of the maximum input length that functions. This leads to a reduction of the maximum input length that
is available for the inputs <tt>psk</tt>, <tt>psk_id</tt>, <tt>info</tt>, <tt>ex porter_context</tt>, and is available for the inputs <tt>psk</tt>, <tt>psk_id</tt>, <tt>info</tt>, <tt>ex porter_context</tt>,
<tt>ikm</tt>, i.e., the variable-length parameters provided by HPKE applications . <tt>ikm</tt>, i.e., the variable-length parameters provided by HPKE applications .
The following table lists the maximum allowed lengths of these fields The following table lists the maximum allowed lengths of these fields
for the KDFs defined in this document, as inclusive bounds in bytes:</t> for the KDFs defined in this document, as inclusive bounds in bytes:</t>
<!--[rfced] A note regarding the XML and the text output.
FYI, the <sup> element has been used to generate superscript
in this table. The text output does not contain the brackets
around the exponent (used in the original). Please let us know
if you prefer otherwise.
Original:
2^{61} - 88
Current text:
2^61 - 88
Side note: <sup> yields superscript in the HTML and PDF files:
https://www.rfc-editor.org/authors/rfc9180.html#table-4
https://www.rfc-editor.org/authors/rfc9180.pdf#table-4
<table anchor="input-limits" align="center"> <table anchor="input-limits" align="center">
<name>Application Input Limits</name> <name>Application Input Limits</name>
<thead> <thead>
<tr> <tr>
<th align="left">Input</th> <th align="left">Input</th>
<th align="left">HKDF-SHA256</th> <th align="left">HKDF-SHA256</th>
<th align="left">HKDF-SHA384</th> <th align="left">HKDF-SHA384</th>
<th align="left">HKDF-SHA512</th> <th align="left">HKDF-SHA512</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<tr> <tr>
<td align="left">psk</td> <td align="left">psk</td>
<td align="left">2<sup>61</sup> - 88</td> <td align="left">2^{61} - 88</td>
<td align="left">2<sup>125</sup> - 152</td> <td align="left">2^{125} - 152</td>
<td align="left">2<sup>125</sup> - 152</td> <td align="left">2^{125} - 152</td>
</tr> </tr>
<tr> <tr>
<td align="left">psk_id</td> <td align="left">psk_id</td>
<td align="left">2<sup>61</sup> - 93</td> <td align="left">2^{61} - 93</td>
<td align="left">2<sup>125</sup> - 157</td> <td align="left">2^{125} - 157</td>
<td align="left">2<sup>125</sup> - 157</td> <td align="left">2^{125} - 157</td>
</tr> </tr>
<tr> <tr>
<td align="left">info</td> <td align="left">info</td>
<td align="left">2<sup>61</sup> - 91</td> <td align="left">2^{61} - 91</td>
<td align="left">2<sup>125</sup> - 155</td> <td align="left">2^{125} - 155</td>
<td align="left">2<sup>125</sup> - 155</td> <td align="left">2^{125} - 155</td>
</tr> </tr>
<tr> <tr>
<td align="left">exporter_context</td> <td align="left">exporter_context</td>
<td align="left">2<sup>61</sup> - 120</td> <td align="left">2^{61} - 120</td>
<td align="left">2<sup>125</sup> - 200</td> <td align="left">2^{125} - 200</td>
<td align="left">2<sup>125</sup> - 216</td> <td align="left">2^{125} - 216</td>
</tr> </tr>
<tr> <tr>
<td align="left">ikm (DeriveKeyPair)</td> <td align="left">ikm (DeriveKeyPair)</td>
<td align="left">2<sup>61</sup> - 84</td> <td align="left">2^{61} - 84</td>
<td align="left">2<sup>125</sup> - 148</td> <td align="left">2^{125} - 148</td>
<td align="left">2<sup>125</sup> - 148</td> <td align="left">2^{125} - 148</td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
<t>This shows that the limits are only marginally smaller than the max imum <t>This shows that the limits are only marginally smaller than the max imum
input length of the underlying hash function; these limits are large and input length of the underlying hash function; these limits are large and
unlikely to be reached in practical applications. Future specifications unlikely to be reached in practical applications. Future specifications
that define new KDFs <bcp14>MUST</bcp14> specify bounds for these variable-lengt h that define new KDFs MUST specify bounds for these variable-length
parameters.</t> parameters.</t>
<t>The <bcp14>RECOMMENDED</bcp14> limit for these values is 64 bytes. This would enable <t>The RECOMMENDED limit for these values is 64 bytes. This would enab le
interoperability with implementations that statically allocate memory interoperability with implementations that statically allocate memory
for these inputs to avoid memory allocations.</t> for these inputs to avoid memory allocations.</t>
<t>The values for <tt>psk</tt>, <tt>psk_id</tt>, <tt>info</tt>, and <t t>ikm</tt>, which are inputs to <t>The values for <tt>psk</tt>, <tt>psk_id</tt>, <tt>info</tt>, and <t t>ikm</tt>, which are inputs to
<tt>LabeledExtract()</tt>, were computed with the following expression:</t> <tt>LabeledExtract()</tt>, were computed with the following expression:</t>
<artwork name="" type="" align="left" alt=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
max_size_hash_input - Nb - size_version_label - max_size_hash_input - Nb - size_version_label -
size_suite_id - size_input_label size_suite_id - size_input_label
]]></artwork> ]]></artwork>
<t>The value for <tt>exporter_context</tt>, which is an input to <tt>L abeledExpand()</tt>, <t>The value for <tt>exporter_context</tt>, which is an input to <tt>L abeledExpand()</tt>,
was computed with the following expression:</t> was computed with the following expression:</t>
<artwork name="" type="" align="left" alt=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
max_size_hash_input - Nb - Nh - size_version_label - max_size_hash_input - Nb - Nh - size_version_label -
size_suite_id - size_input_label - 2 - 1 size_suite_id - size_input_label - 2 - 1
]]></artwork> ]]></artwork>
<t>In these equations, <tt>max_size_hash_input</tt> is the maximum inp ut length <t>In these equations, <tt>max_size_hash_input</tt> is the maximum inp ut length
of the underlying hash function in bytes, <tt>Nb</tt> is the block size of the of the underlying hash function in bytes, <tt>Nb</tt> is the block size of the
underlying hash function in bytes, <tt>size_version_label</tt> is the size underlying hash function in bytes, <tt>size_version_label</tt> is the size
of "HPKE-v1" in bytes and equals 7, <tt>size_suite_id</tt> is the size of the of "HPKE-v1" in bytes and equals 7, <tt>size_suite_id</tt> is the size of the
<tt>suite_id</tt> in bytes and equals 5 for DHKEM (relevant for <tt>ikm</tt>) an d 10 for the <tt>suite_id</tt> in bytes and equals 5 for DHKEM (relevant for <tt>ikm</tt>) an d 10 for the
remainder of HPKE (relevant for <tt>psk</tt>, <tt>psk_id</tt>, <tt>info</tt>, an d <tt>exporter_context</tt>), remainder of HPKE (relevant for <tt>psk</tt>, <tt>psk_id</tt>, <tt>info</tt>, an d <tt>exporter_context</tt>),
and <tt>size_input_label</tt> is the size in bytes of the label used as paramete r to and <tt>size_input_label</tt> is the size in bytes of the label used as paramete r to
<tt>LabeledExtract()</tt> or <tt>LabeledExpand()</tt>, the maximum of which is 1 3 <tt>LabeledExtract()</tt> or <tt>LabeledExpand()</tt>, the maximum of which is 1 3
across all labels in this document.</t> across all labels in this document.</t>
</section> </section>
</section> </section>
<section anchor="aead-ids" numbered="true" toc="default"> <section anchor="aead-ids" numbered="true" toc="default">
<name>Authenticated Encryption with Associated Data (AEAD) Functions</na me> <name>Authenticated Encryption with Associated Data (AEAD) Functions</na me>
<!--[rfced] Two values in the IANA registry (https://www.iana.org/assignments/hp
ke/hpke.xhtml#hpke-aead-ids)
list draft-ietf-emu-hpke-06 as follows. Such a draft does not
exist in the Datatracker. How should this be updated?
Perhaps it should reference this document, as we have
updated the document currently?
IANA registry (HPKE AEAD Identifiers):
0x0000 Reserved N/A N/A N/A [RFC-ietf-emu-hpke-06]
[...]
0xFFFF Export-only N/A N/A N/A [RFC-ietf-emu-hpke-06]
<table anchor="aeadid-values" align="center"> <table anchor="aeadid-values" align="center">
<name>AEAD IDs</name> <name>AEAD IDs</name>
<thead> <thead>
<tr> <tr>
<th align="left">Value</th> <th align="left">Value</th>
<th align="left">AEAD</th> <th align="left">AEAD</th>
<th align="left">Nk</th> <th align="left">Nk</th>
<th align="left">Nn</th> <th align="left">Nn</th>
<th align="left">Nt</th> <th align="left">Nt</th>
<th align="left">Reference</th> <th align="left">Reference</th>
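Review bot: Settle one exponent notation for the Application Input Limits table: the cells use sup markup on the left and literal text such as 2^{61} - 88 on the right, while the numbers agree in all fifteen cells, so only the presentation is in question (the rfced comment in this hunk asks about the same point). On the right, the list of inputs also loses "and" before ikm, leaving "exporter_context, ikm, i.e.," as an unterminated list, and MUST and RECOMMENDED lose their bcp14 markup. The rfced question about the [RFC-ietf-emu-hpke-06] entries in the AEAD registry is still unanswered in this hunk.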
skipping to change at line 1280 skipping to change at line 1194
</section> </section>
</section> </section>
<section anchor="api-considerations" numbered="true" toc="default"> <section anchor="api-considerations" numbered="true" toc="default">
<name>API Considerations</name> <name>API Considerations</name>
<t>This section documents considerations for interfaces to implementations of HPKE. <t>This section documents considerations for interfaces to implementations of HPKE.
This includes error handling considerations and recommendations that improve This includes error handling considerations and recommendations that improve
interoperability when HPKE is used in applications.</t> interoperability when HPKE is used in applications.</t>
<section anchor="auxiliary-authenticated-application-information" numbered ="true" toc="default"> <section anchor="auxiliary-authenticated-application-information" numbered ="true" toc="default">
<name>Auxiliary Authenticated Application Information</name> <name>Auxiliary Authenticated Application Information</name>
<t>HPKE has two places at which applications can specify auxiliary authe nticated information: <t>HPKE has two places at which applications can specify auxiliary authe nticated information:
(1) during context construction via the Setup <tt>info</tt> parameter and (2) du (1) during context construction via the Setup <tt>info</tt> parameter, and (2) d
ring Context uring Context
operations, i.e., with the <tt>aad</tt> parameter for <tt>Open()</tt> and <tt>Se operations, i.e., with the <tt>aad</tt> parameter for <tt>Open()</tt> and <tt>Se
al()</tt> and the <tt>exporter_context</tt> parameter al()</tt>, and the <tt>exporter_context</tt> parameter
for <tt>Export()</tt>. Application information applicable to multiple operations on a single Context for <tt>Export()</tt>. Application information applicable to multiple operations on a single Context
should use the Setup <tt>info</tt> parameter. This avoids redundantly processing this information for should use the Setup <tt>info</tt> parameter. This avoids redundantly processing this information for
each Context operation. In contrast, application information that varies on a pe r-message basis each Context operation. In contrast, application information that varies on a pe r-message basis
should be specified via the Context APIs (<tt>Seal()</tt>, <tt>Open()</tt>, or < tt>Export()</tt>).</t> should be specified via the Context APIs (<tt>Seal()</tt>, <tt>Open()</tt>, or < tt>Export()</tt>).</t>
<t>Applications that only use the single-shot APIs described in <xref ta rget="single-shot-apis" format="default"/> should use the <t>Applications that only use the single-shot APIs described in <xref ta rget="single-shot-apis" format="default"/> should use the
Setup <tt>info</tt> parameter for specifying auxiliary authenticated information . Implementations that Setup <tt>info</tt> parameter for specifying auxiliary authenticated information . Implementations which
only expose single-shot APIs should not allow applications to use both Setup <tt >info</tt> and Context only expose single-shot APIs should not allow applications to use both Setup <tt >info</tt> and Context
<tt>aad</tt> or <tt>exporter_context</tt> auxiliary information parameters.</t> <tt>aad</tt> or <tt>exporter_context</tt> auxiliary information parameters.</t>
</section> </section>
<section anchor="api-errors" numbered="true" toc="default"> <section anchor="api-errors" numbered="true" toc="default">
<name>Errors</name> <name>Errors</name>
<t>The high-level, public HPKE APIs specified in this document are all f allible. <t>The high-level, public HPKE APIs specified in this document are all f allible.
These include the Setup functions and all encryption context functions. These include the Setup functions and all encryption context functions.
For example, <tt>Decap()</tt> can fail if the encapsulated key <tt>enc</tt> is i nvalid, For example, <tt>Decap()</tt> can fail if the encapsulated key <tt>enc</tt> is i nvalid,
and <tt>Open()</tt> may fail if ciphertext decryption fails. The explicit errors and <tt>Open()</tt> may fail if ciphertext decryption fails. The explicit errors
generated throughout this specification, along with the conditions that generated throughout this specification, along with the conditions that
lead to each error, are as follows:</t> lead to each error, are as follows:</t>
<dl newline="false" spacing="normal"> <ul spacing="normal">
<dt><tt>ValidationError</tt>:</dt> <li>
<dd>KEM input or output validation failure; <xref <tt>ValidationError</tt>: KEM input or output validation failure; <x
target="dhkem" format="default"/>.</dd> ref target="dhkem" format="default"/>.</li>
<dt><tt>DeserializeError</tt>:</dt> <li>
<dd>Public or private key deserialization <tt>DeserializeError</tt>: Public or private key deserialization fai
failure; <xref target="base-crypto" format="default"/>.</dd> lure; <xref target="base-crypto" format="default"/>.</li>
<dt><tt>EncapError</tt>:</dt> <li>
<dd><tt>Encap()</tt> failure; <xref <tt>EncapError</tt>: <tt>Encap()</tt> failure; <xref target="base-cr
target="base-crypto" format="default"/>.</dd> ypto" format="default"/>.</li>
<dt><tt>DecapError</tt>:</dt> <li>
<dd><tt>Decap()</tt> failure; <xref <tt>DecapError</tt>: <tt>Decap()</tt> failure; <xref target="base-cr
target="base-crypto" format="default"/>.</dd> ypto" format="default"/>.</li>
<dt><tt>OpenError</tt>:</dt> <li>
<dd>Context AEAD <tt>Open()</tt> failure; Sections <xref <tt>OpenError</tt>: Context AEAD <tt>Open()</tt> failure; <xref targ
target="base-crypto" format="counter"/> and <xref target="hpke-dem" et="base-crypto" format="default"/> and <xref target="hpke-dem" format="default"
format="counter"/>.</dd> />.</li>
<dt><tt>MessageLimitReachedError</tt>:</dt> <li>
<dd>Context AEAD sequence number <tt>MessageLimitReachedError</tt>: Context AEAD sequence number over
overflow; Sections <xref target="base-crypto" flow; <xref target="base-crypto" format="default"/> and <xref target="hpke-dem"
format="counter"/> and <xref target="hpke-dem" format="counter"/>.</dd> format="default"/>.</li>
<dt><tt>DeriveKeyPairError</tt>:</dt> <li>
<dd>Key pair derivation failure; <xref <tt>DeriveKeyPairError</tt>: Key pair derivation failure; <xref targ
target="derive-key-pair" format="default"/>.</dd> et="derive-key-pair" format="default"/>.</li>
</dl> </ul>
<t>Implicit errors may also occur. As an example, certain classes of fai lures, <t>Implicit errors may also occur. As an example, certain classes of fai lures,
e.g., malformed recipient public keys, may not yield explicit errors. e.g., malformed recipient public keys, may not yield explicit errors.
For example, for the DHKEM variant described in this specification, For example, for the DHKEM variant described in this specification,
the <tt>Encap()</tt> algorithm fails when given an invalid recipient public key. the <tt>Encap()</tt> algorithm fails when given an invalid recipient public key.
However, other KEM algorithms may not have an efficient algorithm for verifying However, other KEM algorithms may not have an efficient algorithm for verifying
the validity of public keys. As a result, an equivalent error may not manifest the validity of public keys. As a result, an equivalent error may not manifest
until AEAD decryption at the recipient. As another example, DHKEM's <tt>AuthDeca p()</tt> until AEAD decryption at the recipient. As another example, DHKEM's <tt>AuthDeca p()</tt>
function will produce invalid output if given the wrong sender public key. function will produce invalid output if given the wrong sender public key.
This error is not detectable until subsequent AEAD decryption.</t> This error is not detectable until subsequent AEAD decryption.</t>
<t>The errors in this document are meant as a guide for implementers. Th ey are not <t>The errors in this document are meant as a guide for implementors. Th ey are not
an exhaustive list of all the errors an implementation might emit. For example, an exhaustive list of all the errors an implementation might emit. For example,
future KEMs might have internal failure cases, or an implementation might run future KEMs might have internal failure cases, or an implementation might run
out of memory.</t> out of memory.</t>
<t>How these errors are expressed in an API or handled by applications i s an <t>How these errors are expressed in an API or handled by applications i s an
implementation-specific detail. For example, some implementations may abort or implementation-specific detail. For example, some implementations may abort or
panic upon a <tt>DeriveKeyPairError</tt> failure given that it only occurs with panic upon a <tt>DeriveKeyPairError</tt> failure given that it only occurs with
negligible probability, whereas other implementations may retry the failed negligible probability, whereas other implementations may retry the failed
DeriveKeyPair operation. See <xref target="derive-key-pair" format="default"/> f or more information. DeriveKeyPair operation. See <xref target="derive-key-pair" format="default"/> f or more information.
As another example, some implementations of the DHKEM specified in this document As another example, some implementations of the DHKEM specified in this document
may choose to transform <tt>ValidationError</tt> from <tt>DH()</tt> into an <tt> EncapError</tt> or may choose to transform <tt>ValidationError</tt> from <tt>DH()</tt> into an <tt> EncapError</tt> or
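Review bot: Keep the definition list for the explicit errors in the Errors section: the right-hand column flattens it to a bulleted list, so each error name (ValidationError through DeriveKeyPairError) is no longer a term set apart from the condition that raises it. The right-hand items for OpenError and MessageLimitReachedError also change both xrefs from format="counter" with a leading "Sections" to format="default", so check that the rendered cross-references still read correctly. In the single-shot paragraph, "Implementations which only expose single-shot APIs" is a restrictive clause, so the left-hand "that" is the better choice.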
skipping to change at line 1363 skipping to change at line 1268
</section> </section>
</section> </section>
<section anchor="sec-considerations" numbered="true" toc="default"> <section anchor="sec-considerations" numbered="true" toc="default">
<name>Security Considerations</name> <name>Security Considerations</name>
<section anchor="sec-properties" numbered="true" toc="default"> <section anchor="sec-properties" numbered="true" toc="default">
<name>Security Properties</name> <name>Security Properties</name>
<t>HPKE has several security goals, depending on the mode of operation, <t>HPKE has several security goals, depending on the mode of operation,
against active and adaptive attackers that can compromise partial against active and adaptive attackers that can compromise partial
secrets of senders and recipients. The desired security goals are secrets of senders and recipients. The desired security goals are
detailed below:</t> detailed below:</t>
<dl newline="false" spacing="normal"> <ul spacing="normal">
<dt>Message secrecy:</dt> <li>Message secrecy: Confidentiality of the sender's messages against
<dd>confidentiality of the sender's messages against chosen ciphertext chosen ciphertext attacks</li>
attacks</dd> <li>Export key secrecy: Indistinguishability of each export
<dt>Export key secrecy:</dt> secret from a uniformly random bitstring of equal length, i.e.,
<dd>indistinguishability of each export secret from a uniformly random <tt>Context.Export</tt> is a variable-length PRF</li>
bitstring <li>Sender authentication: Proof of sender origin for PSK, Auth, and
of equal length, i.e., <tt>Context.Export</tt> is a variable-length PRF AuthPSK modes</li>
</dd> </ul>
<dt>Sender authentication:</dt>
<dd>proof of sender origin for PSK, Auth, and AuthPSK modes</dd>
</dl>
<t>These security goals are expected to hold for any honest sender and <t>These security goals are expected to hold for any honest sender and
honest recipient keys, as well as if the honest sender and honest honest recipient keys, as well as if the honest sender and honest
recipient keys are the same.</t> recipient keys are the same.</t>
<t>HPKE mitigates malleability problems (called benign malleability <xre f target="SECG" format="default"/>) in prior <t>HPKE mitigates malleability problems (called benign malleability <xre f target="SECG" format="default"/>) in prior
public key encryption standards based on ECIES by including all public keys in t he public key encryption standards based on ECIES by including all public keys in t he
context of the key schedule.</t> context of the key schedule.</t>
<t>HPKE does not provide forward secrecy with respect to recipient compr omise. <t>HPKE does not provide forward secrecy with respect to recipient compr omise.
In the Base and Auth modes, the secrecy properties are only expected to In the Base and Auth modes, the secrecy properties are only expected to
hold if the recipient private key <tt>skR</tt> is not compromised at any point hold if the recipient private key <tt>skR</tt> is not compromised at any point
in time. In the PSK and AuthPSK modes, the secrecy properties are in time. In the PSK and AuthPSK modes, the secrecy properties are
expected to hold if the recipient private key <tt>skR</tt> and the pre-shared ke y expected to hold if the recipient private key <tt>skR</tt> and the pre-shared ke y
are not both compromised at any point in time. See <xref target="non-goals" form at="default"/> for more are not both compromised at any point in time. See <xref target="non-goals" form at="default"/> for more
details.</t> details.</t>
<t>In the Auth mode, sender authentication is generally expected to hold if <t>In the Auth mode, sender authentication is generally expected to hold if
the sender private key <tt>skS</tt> is not compromised at the time of message the sender private key <tt>skS</tt> is not compromised at the time of message
reception. In the AuthPSK mode, sender authentication is generally reception. In the AuthPSK mode, sender authentication is generally
expected to hold if, at the time of message reception, the sender private expected to hold if, at the time of message reception, the sender private
key <tt>skS</tt> and the pre-shared key are not both compromised.</t> key skS and the pre-shared key are not both compromised.</t>
<t>Besides forward secrecy and key compromise impersonation, which are h <t>Besides forward secrecy and key-compromise impersonation, which are h
ighlighted ighlighted
in this section because of their particular cryptographic importance, HPKE in this section because of their particular cryptographic importance, HPKE
has other non-goals that are described in <xref target="non-goals" format="defau lt"/>: no tolerance of has other non-goals that are described in <xref target="non-goals" format="defau lt"/>: no tolerance of
message reordering or loss, no downgrade or replay prevention, no hiding of the message reordering or loss, no downgrade or replay prevention, no hiding of the
plaintext length, and no protection against bad ephemeral randomness. <xref targ et="non-goals" format="default"/> plaintext length, and no protection against bad ephemeral randomness. <xref targ et="non-goals" format="default"/>
suggests application-level mitigations for some of them.</t> suggests application-level mitigations for some of them.</t>
<section anchor="kci" numbered="true" toc="default"> <section anchor="kci" numbered="true" toc="default">
<name>Key Compromise Impersonation</name> <name>Key-Compromise Impersonation</name>
<t>The DHKEM variants defined in this document are <t>The DHKEM variants defined in this document are
vulnerable to key compromise impersonation attacks <xref target="BJM97" format=" default"/>, vulnerable to key-compromise impersonation attacks <xref target="BJM97" format=" default"/>,
which means that sender authentication cannot be expected to hold in the which means that sender authentication cannot be expected to hold in the
Auth mode if the recipient private key <tt>skR</tt> is compromised and in the Auth mode if the recipient private key <tt>skR</tt> is compromised, and in the
AuthPSK mode if the pre-shared key and the recipient private key <tt>skR</tt> ar e AuthPSK mode if the pre-shared key and the recipient private key <tt>skR</tt> ar e
both compromised. both compromised. NaCl's <tt>box</tt> interface <xref target="NaCl" format="defa
ult"/> has the same issue. At
The <tt>box</tt> interface of the Networking and Cryptography library <xref targ
et="NaCl" format="default"/> has the same issue. At
the same time, this enables repudiability.</t> the same time, this enables repudiability.</t>
<t>As shown by <xref target="ABHKLR20" format="default"/>, key comprom ise impersonation attacks are generally possible on HPKE <t>As shown by <xref target="ABHKLR20" format="default"/>, key-comprom ise impersonation attacks are generally possible on HPKE
because KEM ciphertexts are not bound to HPKE messages. An adversary who because KEM ciphertexts are not bound to HPKE messages. An adversary who
knows a recipient's private key can decapsulate an observed KEM ciphertext, knows a recipient's private key can decapsulate an observed KEM ciphertext,
compute the key schedule, and encrypt an arbitrary message that the recipient compute the key schedule, and encrypt an arbitrary message that the recipient
will accept as coming from the original sender. Importantly, this is possible ev en will accept as coming from the original sender. Importantly, this is possible ev en
with a KEM that is resistant to key compromise impersonation attacks. As a with a KEM that is resistant to key-compromise impersonation attacks. As a
result, mitigating this issue requires fundamental changes that are out of scope result, mitigating this issue requires fundamental changes that are out of scope
of this specification.</t> of this specification.</t>
<t>Applications that require resistance against key compromise imperso <t>Applications that require resistance against key-compromise imperso
nation nation
<bcp14>SHOULD</bcp14> take extra steps to prevent this attack. One possibility i SHOULD take extra steps to prevent this attack. One possibility is to
s to
produce a digital signature over <tt>(enc, ct)</tt> tuples using a sender's produce a digital signature over <tt>(enc, ct)</tt> tuples using a sender's
private key -- where <tt>ct</tt> is an AEAD ciphertext produced by the single-sh ot private key - where <tt>ct</tt> is an AEAD ciphertext produced by the single-sho t
or multi-shot API and <tt>enc</tt> is the corresponding KEM encapsulated key.</t > or multi-shot API and <tt>enc</tt> is the corresponding KEM encapsulated key.</t >
<t>Given these properties, pre-shared keys strengthen both the authent ication and the <t>Given these properties, pre-shared keys strengthen both the authent ication and the
secrecy properties in certain adversary models. One particular example in which secrecy properties in certain adversary models. One particular example in which
this can be useful is a hybrid quantum setting: if a this can be useful is a hybrid quantum setting: if a
non-quantum-resistant KEM used with HPKE is broken by a non-quantum-resistant KEM used with HPKE is broken by a
quantum computer, the security properties are preserved through the use quantum computer, the security properties are preserved through the use
of a pre-shared key. As described in <xref target="RFC8696" format="default"/>, this of a pre-shared key. As described in Section 7 of <xref target="RFC8696" format= "default"/> this
assumes that the pre-shared key has not been compromised.</t> assumes that the pre-shared key has not been compromised.</t>
</section> </section>
<section anchor="computational-analysis" numbered="true" toc="default"> <section anchor="computational-analysis" numbered="true" toc="default">
<name>Computational Analysis</name> <name>Computational Analysis</name>
<t>It is shown in <xref target="CS01" format="default"/> that a hybrid public-key encryption scheme of <t>It is shown in <xref target="CS01" format="default"/> that a hybrid public key encryption scheme of
essentially the same form as the Base mode described here is essentially the same form as the Base mode described here is
IND-CCA2 secure as long as the underlying KEM and AEAD schemes are IND-CCA2-secure as long as the underlying KEM and AEAD schemes are
IND-CCA2 secure. Moreover, it is shown in <xref target="HHK06" format="default"/ IND-CCA2-secure. Moreover, it is shown in <xref target="HHK06" format="default"/
> that IND-CCA2 security > that IND-CCA2 security
of the KEM and the data encapsulation mechanism are necessary conditions of the KEM and the data encapsulation mechanism are necessary conditions
to achieve IND-CCA2 security for hybrid public-key encryption. to achieve IND-CCA2 security for hybrid public key encryption.
The main difference between the scheme proposed in <xref target="CS01" format="d efault"/> The main difference between the scheme proposed in <xref target="CS01" format="d efault"/>
and the Base mode in this document (both named HPKE) is that we interpose and the Base mode in this document (both named HPKE) is that we interpose
some KDF calls between the KEM and the AEAD. Analyzing the HPKE Base mode some KDF calls between the KEM and the AEAD. Analyzing the HPKE Base mode
instantiation in this document therefore requires verifying that the instantiation in this document therefore requires verifying that the
additional KDF calls do not cause the IND-CCA2 property to fail, as additional KDF calls do not cause the IND-CCA2 property to fail, as
well as verifying the additional export key secrecy property.</t> well as verifying the additional export key secrecy property.</t>
<t>Analysis of the PSK, Auth, and AuthPSK modes defined in this docume nt <t>Analysis of the PSK, Auth, and AuthPSK modes defined in this docume nt
additionally requires verifying the sender authentication property. additionally requires verifying the sender authentication property.
While the PSK mode just adds supplementary keying material to the key While the PSK mode just adds supplementary keying material to the key
schedule, the Auth and AuthPSK modes make use of a nonstandard schedule, the Auth and AuthPSK modes make use of a non-standard
authenticated KEM construction. Generally, the authenticated modes of authenticated KEM construction. Generally, the authenticated modes of
HPKE can be viewed and analyzed as flavors of signcryption <xref target="Signcry ptionDZ10" format="default"/>.</t> HPKE can be viewed and analyzed as flavors of signcryption <xref target="Signcry ptionDZ10" format="default"/>.</t>
<t>A preliminary computational analysis of all HPKE modes has been don e <t>A preliminary computational analysis of all HPKE modes has been don e
in <xref target="HPKEAnalysis" format="default"/>, indicating asymptotic securit y for the case where in <xref target="HPKEAnalysis" format="default"/>, indicating asymptotic securit y for the case where
the KEM is DHKEM, the AEAD is any IND-CPA-secure and INT-CTXT-secure scheme, the KEM is DHKEM, the AEAD is any IND-CPA-secure and INT-CTXT-secure scheme,
and the DH group and KDF satisfy the following conditions:</t> and the DH group and KDF satisfy the following conditions:</t>
<dl newline="false" spacing="normal"> <ul spacing="normal">
<dt>DH group:</dt> <li>DH group: The gap Diffie-Hellman (GDH) problem is hard in the
<dd>The gap Diffie-Hellman (GDH) problem is hard in the appropriate subgroup <xref target="GAP" format="default"/>.</li>
appropriate subgroup <li>
<xref target="GAP" format="default"/>.</dd> <tt>Extract()</tt> and <tt>Expand()</tt>: <tt>Extract()</tt> can b
<dt><tt>Extract()</tt> and <tt>Expand()</tt>:</dt> e modeled as a random oracle.
<dd><tt>Extract()</tt> can be <tt>Expand()</tt> can be modeled as a pseudorandom function, wherein the first
modeled as a random oracle. <tt>Expand()</tt> can argument is the key.</li>
be modeled as a pseudorandom function, wherein the first argument is </ul>
the <t>In particular, the KDFs and DH groups defined in this document (see
key.</dd> <xref target="kdf-ids" format="default"/> and <xref target="kem-ids" format="def
</dl> ault"/>) satisfy these properties when used as
<t>In particular, the KDFs and DH groups defined in this document (see specified. The analysis in <xref target="HPKEAnalysis" format="default"/> demons
Sections trates that under these
<xref target="kdf-ids" format="counter"/> and <xref target="kem-ids" format="cou constraints, HPKE continues to provide IND-CCA2 security, and provides
nter"/>) satisfy these properties when used as
specified. The analysis in <xref target="HPKEAnalysis" format="default"/> demons
trates that, under these
constraints, HPKE continues to provide IND-CCA2 security and provides
the additional properties noted above. Also, the analysis confirms the the additional properties noted above. Also, the analysis confirms the
expected properties hold under the different key compromise cases expected properties hold under the different key compromise cases
mentioned above. The analysis considers a sender that sends one message mentioned above. The analysis considers a sender that sends one message
using the encryption context and additionally exports two independent using the encryption context, and additionally exports two independent
secrets using the secret export interface.</t> secrets using the secret export interface.</t>
<t>The table below summarizes the main results from <xref target="HPKE <t>The table below summarizes the main results from <xref target="HPKE
Analysis" format="default"/>. <tt>N/A</tt> Analysis" format="default"/>. N/A
means that a property does not apply for the given mode, whereas <tt>y</tt> mean means that a property does not apply for the given mode, whereas <tt>Y</tt> mean
s that s
the given mode satisfies the property.</t> the given mode satisfies the property.</t>
<!--[rfced] Table 6 in this document does not have a title. Please
review, and provide a title if desired.-->
<table align="center"> <table align="center">
<thead> <thead>
<tr> <tr>
<th align="left">Variant</th> <th align="left">Variant</th>
<th align="center">Message Sec.</th> <th align="center">Message Sec.</th>
<th align="center">Export Sec.</th> <th align="center">Export Sec.</th>
<th align="center">Sender Auth.</th> <th align="center">Sender Auth.</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<tr> <tr>
<td align="left">Base</td> <td align="left">Base</td>
<td align="center">y</td> <td align="center">Y</td>
<td align="center">y</td> <td align="center">Y</td>
<td align="center">N/A</td> <td align="center">N/A</td>
</tr> </tr>
<tr> <tr>
<td align="left">PSK</td> <td align="left">PSK</td>
<td align="center">y</td> <td align="center">Y</td>
<td align="center">y</td> <td align="center">Y</td>
<td align="center">y</td> <td align="center">Y</td>
</tr> </tr>
<tr> <tr>
<td align="left">Auth</td> <td align="left">Auth</td>
<td align="center">y</td> <td align="center">Y</td>
<td align="center">y</td> <td align="center">Y</td>
<td align="center">y</td> <td align="center">Y</td>
</tr> </tr>
<tr> <tr>
<td align="left">AuthPSK</td> <td align="left">AuthPSK</td>
<td align="center">y</td> <td align="center">Y</td>
<td align="center">y</td> <td align="center">Y</td>
<td align="center">y</td> <td align="center">Y</td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
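Review bot: the <table align="center"> that summarizes the results has no title in either column, so the [rfced] request just above it ("Table 6 in this document does not have a title") is still unanswered. Add a <name> child to the table or answer the comment that no title is wanted. The legend and the cells agree within each column ("y" on the left, "Y" on the right), but N/A is wrapped in <tt> only in the left column's legend while the cells use plain N/A; use one form so the legend matches the cell text.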
<t>If non-DH-based KEMs are to be used with HPKE, further analysis wil l be <t>If non-DH-based KEMs are to be used with HPKE, further analysis wil l be
necessary to prove their security. The results from <xref target="CS01" format=" default"/> provide necessary to prove their security. The results from <xref target="CS01" format=" default"/> provide
some indication that any IND-CCA2-secure KEM will suffice here but are some indication that any IND-CCA2-secure KEM will suffice here, but are
not conclusive given the differences in the schemes.</t> not conclusive given the differences in the schemes.</t>
<t>A detailed computational analysis of HPKE's Auth mode single-shot <t>A detailed computational analysis of HPKE's Auth mode single-shot
encryption API has been done in <xref target="ABHKLR20" format="default"/>. encryption API has been done in <xref target="ABHKLR20" format="default"/>.
The paper defines security notions for authenticated The paper defines security notions for authenticated
KEMs and for authenticated public key encryption, using the outsider and KEMs and for authenticated public key encryption, using the outsider and
insider security terminology known from signcryption <xref target="SigncryptionD Z10" format="default"/>. insider security terminology known from signcryption <xref target="SigncryptionD Z10" format="default"/>.
<!--[rfced] Please clarify this sentence; specifically:
a) What is the subject of "indicates exact security bounds" -
the analysis or the interface?
b) Does the phrase "and that HKDF can be modeled as a random oracle"
correspond to "proves that" or "assumption that"? If the latter,
should it be "assumptions" (plural)?
Original:
The analysis proves that
DHKEM's "AuthEncap()"/"AuthDecap()" interface fulfills these notions
for all Diffie-Hellman groups specified in this document, and
indicates exact security bounds, under the assumption that the gap
Diffie-Hellman (GDH) problem is hard in the appropriate subgroup
[GAP], and that HKDF can be modeled as a random oracle.
Perhaps (if (a) is "interface", and (b) is "proves that"):
The analysis proves that
1) DHKEM's AuthEncap()/AuthDecap() interface fulfills these notions
for all Diffie-Hellman groups specified in this document, and
indicates exact security bounds, under the assumption that the gap
Diffie-Hellman (GDH) problem is hard in the appropriate subgroup
[GAP], and
2) HKDF can be modeled as a random oracle.
Or (if (a) is "analysis", and (b) is "assumptions that"):
The analysis (1) proves that DHKEM's AuthEncap()/AuthDecap() interface
fulfills these notions for all Diffie-Hellman groups specified in this
document, and (2) indicates exact security bounds, under the assumptions
that the gap Diffie-Hellman (GDH) problem is hard in the appropriate
subgroup [GAP] and that HKDF can be modeled as a random oracle.
The analysis proves that DHKEM's <tt>AuthEncap()</tt>/<tt>AuthDecap()</tt> inter face The analysis proves that DHKEM's <tt>AuthEncap()</tt>/<tt>AuthDecap()</tt> inter face
fulfills these notions for all Diffie-Hellman groups specified in this document, fulfills these notions for all Diffie-Hellman groups specified in this document.
and indicates exact security bounds, under the assumption that the The analysis also provides exact security bounds, under the assumptions that the
gap Diffie-Hellman (GDH) problem is hard in the appropriate subgroup <xref targe t="GAP" format="default"/>, gap Diffie-Hellman (GDH) problem is hard in the appropriate subgroup <xref targe t="GAP" format="default"/>,
and that HKDF can be modeled as a random oracle.</t> and that HKDF can be modeled as a random oracle.</t>
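Review bot: splitting the sentence in the right column leaves "The analysis proves that DHKEM's AuthEncap()/AuthDecap() interface fulfills these notions ..." with no stated assumptions, because "under the assumptions that ..." now attaches only to the new sentence "The analysis also provides exact security bounds". The second rewording offered in the [rfced] comment keeps both the proof and the bounds under the GDH and random-oracle assumptions; if that is the intended reading, use that form or repeat the assumptions in the first sentence. The left column still has the singular "assumption" for what are two conditions.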
<t>Further, <xref target="ABHKLR20" format="default"/> proves composit ion theorems, showing that HPKE's <t>Further, <xref target="ABHKLR20" format="default"/> proves composit ion theorems, showing that HPKE's
Auth mode fulfills the security notions of authenticated public key encryption Auth mode fulfills the security notions of authenticated public key encryption
for all KDFs and AEAD schemes specified in this document, given any for all KDFs and AEAD schemes specified in this document, given any
authenticated KEM satisfying the previously defined security notions authenticated KEM satisfying the previously defined security notions
for authenticated KEMs. The theorems assume that the KEM is perfectly correct; for authenticated KEMs. The theorems assume that the KEM is perfectly correct;
they could easily be adapted to work with KEMs that have a nonzero but negligibl e they could easily be adapted to work with KEMs that have a nonzero but negligibl e
probability for decryption failure. The assumptions on the KDF are that <tt>Extr act()</tt> probability for decryption failure. The assumptions on the KDF are that <tt>Extr act()</tt>
and <tt>Expand()</tt> can be modeled as pseudorandom functions wherein the first and <tt>Expand()</tt> can be modeled as pseudorandom functions wherein the first
argument is the key, respectively. The assumption for the AEAD is argument is the key, respectively. The assumption for the AEAD is
IND-CPA and IND-CTXT security.</t> IND-CPA and IND-CTXT security.</t>
<t>In summary, the analysis in <xref target="ABHKLR20" format="default "/> proves that the single-shot encryption API of HPKE's <t>In summary, the analysis in <xref target="ABHKLR20" format="default "/> proves that the single-shot encryption API of HPKE's
Auth mode satisfies the desired message confidentiality and sender Auth mode satisfies the desired message confidentiality and sender
authentication properties listed at the beginning of this section; authentication properties listed at the beginning of this section;
it does not consider multiple messages nor the secret export API.</t> it does not consider multiple messages, nor the secret export API.</t>
</section> </section>
<section anchor="post-quantum-security" numbered="true" toc="default"> <section anchor="post-quantum-security" numbered="true" toc="default">
<name>Post-quantum Security</name> <name>Post-Quantum Security</name>
<t>All of <xref target="CS01" format="default"/>, <xref target="HPKEAn alysis" format="default"/>, and <xref target="ABHKLR20" format="default"/> are p remised on <t>All of <xref target="CS01" format="default"/>, <xref target="HPKEAn alysis" format="default"/>, and <xref target="ABHKLR20" format="default"/> are p remised on
classical security models and assumptions and do not consider classical security models and assumptions, and do not consider
adversaries capable of quantum computation. A full proof of post-quantum adversaries capable of quantum computation. A full proof of post-quantum
security would need to take appropriate security models and assumptions security would need to take appropriate security models and assumptions
into account, in addition to simply using a post-quantum KEM. However, into account, in addition to simply using a post-quantum KEM. However,
the composition theorems from <xref target="ABHKLR20" format="default"/> for HPK E's Auth mode only make the composition theorems from <xref target="ABHKLR20" format="default"/> for HPK E's Auth mode only make
standard assumptions (i.e., no random oracle assumption) that are expected standard assumptions (i.e., no random oracle assumption) that are expected
to hold against quantum adversaries (although with slightly worse bounds). to hold against quantum adversaries (although with slightly worse bounds).
Thus, these composition theorems, in combination with a post-quantum-secure Thus, these composition theorems, in combination with a post-quantum-secure
authenticated KEM, guarantee the post-quantum security of HPKE's Auth mode.</t> authenticated KEM, guarantee the post-quantum security of HPKE's Auth mode.</t>
<t>In future work, the analysis from <xref target="ABHKLR20" format="d efault"/> can be extended to cover <t>In future work, the analysis from <xref target="ABHKLR20" format="d efault"/> can be extended to cover
HPKE's other modes and desired security properties. HPKE's other modes and desired security properties.
The hybrid quantum-resistance property described above, which is achieved The hybrid quantum-resistance property described above, which is achieved
by using the PSK or AuthPSK mode, is not proven in <xref target="HPKEAnalysis" f ormat="default"/> because by using the PSK or AuthPSK mode, is not proven in <xref target="HPKEAnalysis" f ormat="default"/> because
this analysis requires the random oracle model; in a quantum this analysis requires the random oracle model; in a quantum
setting, this model needs adaption to, for example, the quantum random setting, this model needs adaption to, for example, the quantum random
oracle model.</t> oracle model.</t>
</section> </section>
</section> </section>
<section anchor="kem-security" numbered="true" toc="default"> <section anchor="kem-security" numbered="true" toc="default">
<name>Security Requirements on a KEM Used within HPKE</name> <name>Security Requirements on a KEM Used within HPKE</name>
<t>A KEM used within HPKE <bcp14>MUST</bcp14> allow HPKE to satisfy its desired security <t>A KEM used within HPKE MUST allow HPKE to satisfy its desired securit y
properties described in <xref target="sec-properties" format="default"/>. <xref target="domain-separation" format="default"/> lists properties described in <xref target="sec-properties" format="default"/>. <xref target="domain-separation" format="default"/> lists
requirements concerning domain separation.</t> requirements concerning domain separation.</t>
<t>In particular, the KEM <t>In particular, the KEM
shared secret <bcp14>MUST</bcp14> be a uniformly random byte string of length <t t>Nsecret</tt>. shared secret MUST be a uniformly random byte string of length <tt>Nsecret</tt>.
This means, for instance, that it would not be sufficient if the KEM This means, for instance, that it would not be sufficient if the KEM
shared secret is only uniformly random as an element of some set prior shared secret is only uniformly random as an element of some set prior
to its encoding as a byte string.</t> to its encoding as a byte string.</t>
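Review bot: the requirement keywords in the right column are bare text ("MUST allow HPKE to satisfy", "shared secret MUST be a uniformly random byte string"), while the left column wraps each one in <bcp14>. The same difference repeats in the later sections for MUST NOT and SHOULD. Keep the <bcp14> markup when taking wording from the right column so the keywords stay tagged.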
<section anchor="encapdecap-interface" numbered="true" toc="default"> <section anchor="encapdecap-interface" numbered="true" toc="default">
<name>Encap/Decap Interface</name> <name>Encap/Decap Interface</name>
<t>As mentioned in <xref target="sec-considerations" format="default"/ >, <xref target="CS01" format="default"/> provides some indications <t>As mentioned in <xref target="sec-considerations" format="default"/ >, <xref target="CS01" format="default"/> provides some indications
that if the KEM's <tt>Encap()</tt>/<tt>Decap()</tt> interface (which is used in the Base that if the KEM's <tt>Encap()</tt>/<tt>Decap()</tt> interface (which is used in the Base
and PSK modes) is IND-CCA2 secure, HPKE is able to satisfy its desired and PSK modes) is IND-CCA2-secure, HPKE is able to satisfy its desired
security properties. An appropriate definition of IND-CCA2 security for security properties. An appropriate definition of IND-CCA2 security for
KEMs can be found in <xref target="CS01" format="default"/> and <xref target="BH K09" format="default"/>.</t> KEMs can be found in <xref target="CS01" format="default"/> and <xref target="BH K09" format="default"/>.</t>
</section> </section>
<section anchor="authencapauthdecap-interface" numbered="true" toc="defa ult"> <section anchor="authencapauthdecap-interface" numbered="true" toc="defa ult">
<name>AuthEncap/AuthDecap Interface</name> <name>AuthEncap/AuthDecap Interface</name>
<t>The analysis of HPKE's Auth mode single-shot encryption API in <xre f target="ABHKLR20" format="default"/> <t>The analysis of HPKE's Auth mode single-shot encryption API in <xre f target="ABHKLR20" format="default"/>
provides composition theorems that guarantee that HPKE's Auth mode achieves provides composition theorems that guarantee that HPKE's Auth mode achieves
its desired security properties if the KEM's <tt>AuthEncap()</tt>/<tt>AuthDecap( )</tt> its desired security properties if the KEM's <tt>AuthEncap()</tt>/<tt>AuthDecap( )</tt>
interface satisfies multiuser Outsider-CCA, Outsider-Auth, and interface satisfies multi-user Outsider-CCA, Outsider-Auth, and
Insider-CCA security, as defined in the same paper.</t> Insider-CCA security, as defined in the same paper.</t>
<t>Intuitively, Outsider-CCA security formalizes confidentiality, and <t>Intuitively, Outsider-CCA security formalizes confidentiality, and
Outsider-Auth security formalizes authentication of the KEM shared secret Outsider-Auth security formalizes authentication of the KEM shared secret
in case none of the sender or recipient private keys are compromised. in case none of the sender or recipient private keys are compromised.
Insider-CCA security formalizes confidentiality of the KEM shared secret Insider-CCA security formalizes confidentiality of the KEM shared secret
in case the sender private key is known or chosen by the adversary. in case the sender private key is known or chosen by the adversary.
(If the recipient private key is known or chosen by the adversary, (If the recipient private key is known or chosen by the adversary,
confidentiality is trivially broken, because then the adversary knows confidentiality is trivially broken, because then the adversary knows
all secrets on the recipient's side).</t> all secrets on the recipient's side).</t>
<t>An Insider-Auth security notion would formalize authentication of t he <t>An Insider-Auth security notion would formalize authentication of t he
KEM shared secret in case the recipient private key is known or chosen KEM shared secret in case the recipient private key is known or chosen
by the adversary. (If the sender private key is known or chosen by the by the adversary. (If the sender private key is known or chosen by the
adversary, it can create KEM ciphertexts in the name of the sender). adversary, it can create KEM ciphertexts in the name of the sender).
Because of the generic attack on an analogous Insider-Auth security Because of the generic attack on an analogous Insider-Auth security
notion of HPKE described in <xref target="sec-properties" format="default"/>, a definition of notion of HPKE described in <xref target="sec-properties" format="default"/>, a definition of
Insider-Auth security for KEMs used within HPKE is not useful.</t> Insider-Auth security for KEMs used within HPKE is not useful.</t>
</section> </section>
<section anchor="kem-key-reuse" numbered="true" toc="default"> <section anchor="kem-key-reuse" numbered="true" toc="default">
<name>KEM Key Reuse</name> <name>KEM Key Reuse</name>
<t>An <tt>ikm</tt> input to <tt>DeriveKeyPair()</tt> (<xref target="de <t>An <tt>ikm</tt> input to <tt>DeriveKeyPair()</tt> (<xref target="de
rive-key-pair" format="default"/>) <bcp14>MUST NOT</bcp14> be rive-key-pair" format="default"/>) MUST NOT be
reused elsewhere, in particular, not with <tt>DeriveKeyPair()</tt> of a reused elsewhere, in particular not with <tt>DeriveKeyPair()</tt> of a
different KEM.</t> different KEM.</t>
<t>The randomness used in <tt>Encap()</tt> and <tt>AuthEncap()</tt> to generate the <t>The randomness used in <tt>Encap()</tt> and <tt>AuthEncap()</tt> to generate the
KEM shared secret or its encapsulation <bcp14>MUST NOT</bcp14> be reused elsewhe KEM shared secret or its encapsulation MUST NOT be reused elsewhere.</t>
re.</t> <t>Since a KEM key pair belonging to a sender or recipient works with
<t>As a sender or recipient, KEM key pair works with all modes; it can all modes, it can
be used with multiple modes in parallel. HPKE is constructed to be be used with multiple modes in parallel. HPKE is constructed to be
secure in such settings due to domain separation using the <tt>suite_id</tt> secure in such settings due to domain separation using the <tt>suite_id</tt>
variable. However, there is no formal proof of security at the time of variable. However, there is no formal proof of security at the time of
writing for using multiple modes in parallel; <xref target="HPKEAnalysis" format ="default"/> and writing for using multiple modes in parallel; <xref target="HPKEAnalysis" format ="default"/> and
<xref target="ABHKLR20" format="default"/> only analyze isolated modes.</t> <xref target="ABHKLR20" format="default"/> only analyze isolated modes.</t>
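Review bot: the left column's "As a sender or recipient, KEM key pair works with all modes; it can" is missing an article, and its opening phrase has nothing to attach to. The right column's "Since a KEM key pair belonging to a sender or recipient works with all modes, it can be used with multiple modes in parallel" is grammatical and keeps the causal link, so prefer it. The caveat that follows (no formal proof for using multiple modes in parallel) is the same in both columns and should stay directly after this sentence.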
</section> </section>
</section> </section>
<section anchor="kdf-choice" numbered="true" toc="default"> <section anchor="kdf-choice" numbered="true" toc="default">
<name>Security Requirements on a KDF</name> <name>Security Requirements on a KDF</name>
<t>The choice of the KDF for HPKE <bcp14>SHOULD</bcp14> be made based on the security <t>The choice of the KDF for HPKE SHOULD be made based on the security
level provided by the KEM and, if applicable, by the PSK. The KDF level provided by the KEM and, if applicable, by the PSK. The KDF
<bcp14>SHOULD</bcp14> at least have the security level of the KEM and <bcp14>SHO ULD</bcp14> SHOULD at least have the security level of the KEM and SHOULD
at least have the security level provided by the PSK.</t> at least have the security level provided by the PSK.</t>
</section> </section>
<section anchor="aead-security" numbered="true" toc="default"> <section anchor="aead-security" numbered="true" toc="default">
<name>Security Requirements on an AEAD</name> <name>Security Requirements on an AEAD</name>
<t>All AEADs <bcp14>MUST</bcp14> be IND-CCA2 secure, as is currently tru e for all AEADs <t>All AEADs MUST be IND-CCA2-secure, as is currently true for all AEADs
listed in <xref target="aead-ids" format="default"/>.</t> listed in <xref target="aead-ids" format="default"/>.</t>
</section> </section>
<section anchor="security-psk" numbered="true" toc="default"> <section anchor="security-psk" numbered="true" toc="default">
<name>Pre-Shared Key Recommendations</name> <name>Pre-Shared Key Recommendations</name>
<t>In the PSK and AuthPSK modes, the PSK <bcp14>MUST</bcp14> have at lea <t>In the PSK and AuthPSK modes, the PSK MUST have at least 32 bytes of
st 32 bytes of entropy and SHOULD be of length <tt>Nh</tt> bytes or longer. Using a PSK longer
entropy and <bcp14>SHOULD</bcp14> be of length <tt>Nh</tt> bytes or longer. Usin than
g a PSK longer than
32 bytes but shorter than <tt>Nh</tt> bytes is permitted.</t> 32 bytes but shorter than <tt>Nh</tt> bytes is permitted.</t>
<t>HPKE is specified to use HKDF as the key derivation function. HKDF is <t>HPKE is specified to use HKDF as its key derivation function. HKDF is
not not
designed to slow down dictionary attacks; see <xref target="RFC5869" format="def designed to slow down dictionary attacks (see <xref target="RFC5869" format="def
ault"/>. Thus, HPKE's ault"/>). Thus, HPKE's
PSK mechanism is not suitable for use with a low-entropy password as the PSK mechanism is not suitable for use with a low-entropy password as the
PSK; in scenarios in which the adversary knows the KEM shared secret PSK: In scenarios in which the adversary knows the KEM shared secret
<tt>shared_secret</tt> and has access to an oracle that allows distinguishing be <tt>shared_secret</tt> and has access to an oracle that distinguishes between
tween
a good and a wrong PSK, it can perform PSK-recovering attacks. This oracle a good and a wrong PSK, it can perform PSK-recovering attacks. This oracle
can be the decryption operation on a captured HPKE ciphertext or any other can be the decryption operation on a captured HPKE ciphertext or any other
recipient behavior that is observably different when using a wrong PSK. recipient behavior that is observably different when using a wrong PSK.
The adversary knows the KEM shared secret <tt>shared_secret</tt> if it knows all The adversary knows the KEM shared secret <tt>shared_secret</tt> if it knows all
KEM private keys of one participant. In the PSK mode, this is trivially KEM private keys of one participant. In the PSK mode, this is trivially
the case if the adversary acts as the sender.</t> the case if the adversary acts as the sender.</t>
<t>To recover a lower entropy PSK, an attacker in this scenario can triv ially <t>To recover a lower entropy PSK, an attacker in this scenario can triv ially
perform a dictionary attack. Given a set <tt>S</tt> of possible PSK values, the perform a dictionary attack. Given a set <tt>S</tt> of possible PSK values, the
attacker generates an HPKE ciphertext for each value in <tt>S</tt> and submits attacker generates an HPKE ciphertext for each value in <tt>S</tt>, and submits
the resulting ciphertexts to the oracle to learn which PSK is being used by the resulting ciphertexts to the oracle to learn which PSK is being used by
the recipient. Further, because HPKE uses AEAD schemes that are not key-committi ng, the recipient. Further, because HPKE uses AEAD schemes that are not key-committi ng,
an attacker can mount a partitioning oracle attack <xref target="LGR20" format=" default"/> that can recover an attacker can mount a partitioning oracle attack <xref target="LGR20" format=" default"/> that can recover
the PSK from a set of <tt>S</tt> possible PSK values, with |S| = m*k, in roughly the PSK from a set of <tt>S</tt> possible PSK values, with |S| = m*k, in roughly
m + log k queries to the oracle using ciphertexts of length proportional to m + log k queries to the oracle using ciphertexts of length proportional to
k, the maximum message length in blocks. (Applying the multi-collision algorithm from k, the maximum message length in blocks. (Applying the multi-collision algorithm from
<xref target="LGR20" format="default"/> requires a small adaptation to the algor ithm wherein the appropriate nonce <xref target="LGR20" format="default"/> requires a small adaptation to the algor ithm wherein the appropriate nonce
is computed for each candidate key. This modification adds one call to HKDF per key. is computed for each candidate key. This modification adds one call to HKDF per key.
The number of partitioning oracle queries remains unchanged.) As a result, the P SK The number of partitioning oracle queries remains unchanged.) As a result, the P SK
must therefore be chosen with sufficient entropy so that m + log k is prohibitiv e for must therefore be chosen with sufficient entropy so that m + log k is prohibitiv e for
attackers (e.g., 2<sup>128</sup>). Future specifications can define new AEAD alg orithms that attackers (e.g., 2^128). Future specifications can define new AEAD algorithms th at
are key-committing.</t> are key-committing.</t>
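Review bot: both columns read "from a set of <tt>S</tt> possible PSK values, with |S| = m*k", which treats S as a count and then takes its size; the previous sentence defines "a set <tt>S</tt> of possible PSK values", so this one should read "from a set <tt>S</tt> of possible PSK values". "As a result, the PSK must therefore be chosen" also doubles the connective. On the changed lines, the left column's 2<sup>128</sup> marks the exponent where the right column's 2^128 is literal text, and the right column capitalizes after a colon ("PSK: In scenarios") where the left keeps a semicolon; settle on one form for each.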
</section> </section>
<section anchor="domain-separation" numbered="true" toc="default"> <section anchor="domain-separation" numbered="true" toc="default">
<name>Domain Separation</name> <name>Domain Separation</name>
<t>HPKE allows combining a DHKEM variant <tt>DHKEM(Group, KDF')</tt> and a KDF, <t>HPKE allows combining a DHKEM variant <tt>DHKEM(Group, KDF')</tt> and a KDF
such that both KDFs are instantiated by the same KDF. By design, the such that both KDFs are instantiated by the same KDF. By design, the
calls to <tt>Extract()</tt> and <tt>Expand()</tt> inside DHKEM and the remainder of calls to <tt>Extract()</tt> and <tt>Expand()</tt> inside DHKEM and the remainder of
HPKE use separate input domains. This justifies modeling them as HPKE use separate input domains. This justifies modeling them as
independent functions even if instantiated by the same KDF. independent functions even if instantiated by the same KDF.
This domain separation between DHKEM and the remainder of HPKE is achieved by This domain separation between DHKEM and the remainder of HPKE is achieved by
the <tt>suite_id</tt> values in <tt>LabeledExtract()</tt> and <tt>LabeledExpand( using prefix-free sets of <tt>suite_id</tt> values in <tt>LabeledExtract()</tt>
)</tt>; and
the values used (<tt>KEM...</tt> in DHKEM and <tt>HPKE...</tt> in the remainder <tt>LabeledExpand()</tt> (<tt>KEM...</tt> in DHKEM and <tt>HPKE...</tt> in the r
of HPKE) emainder of HPKE).
are prefix-free (a set is prefix-free if no element is a prefix of Recall that a set is prefix-free if no element is a prefix of another within the
another within the set).</t> set.</t>
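Review bot: "using prefix-free sets of <tt>suite_id</tt> values" in the right column can be read as each family of values being prefix-free on its own, which would not rule out a "KEM..." value being a prefix of an "HPKE..." value. The left column states the property for the values used in DHKEM and in the remainder of HPKE taken together, which is what the separation argument relies on. Suggest "a prefix-free set of <tt>suite_id</tt> values", keeping the right column's "Recall that a set is prefix-free ..." sentence in place of the left column's nested parentheses.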
<t>Future KEM instantiations <bcp14>MUST</bcp14> ensure, should <tt>Extr <t>Future KEM instantiations MUST ensure, should <tt>Extract()</tt> and
act()</tt> and
<tt>Expand()</tt> be used internally, that they can be modeled as functions <tt>Expand()</tt> be used internally, that they can be modeled as functions
independent from the invocations of <tt>Extract()</tt> and <tt>Expand()</tt> in the independent from the invocations of <tt>Extract()</tt> and <tt>Expand()</tt> in the
remainder of HPKE. One way to ensure this is by using <tt>LabeledExtract()</tt> remainder of HPKE. One way to ensure this is by using <tt>LabeledExtract()</tt>
and <tt>LabeledExpand()</tt> with a <tt>suite_id</tt>, as defined in <xref targe t="base-crypto" format="default"/>, and <tt>LabeledExpand()</tt> with a <tt>suite_id</tt> as defined in <xref target ="base-crypto" format="default"/>,
which will ensure input domain separation, as outlined above. which will ensure input domain separation, as outlined above.
Particular attention needs to Particular attention needs to
be paid if the KEM directly invokes functions that are used internally be paid if the KEM directly invokes functions that are used internally
in HPKE's <tt>Extract()</tt> or <tt>Expand()</tt>, such as <tt>Hash()</tt> and < tt>HMAC()</tt> in the case of HKDF. in HPKE's <tt>Extract()</tt> or <tt>Expand()</tt>, such as <tt>Hash()</tt> and < tt>HMAC()</tt> in the case of HKDF.
It <bcp14>MUST</bcp14> be ensured that inputs to these invocations cannot collid e with It MUST be ensured that inputs to these invocations cannot collide with
inputs to the internal invocations of these functions inside <tt>Extract()</tt> or inputs to the internal invocations of these functions inside <tt>Extract()</tt> or
<tt>Expand()</tt>. In HPKE's <tt>KeySchedule()</tt>, this is avoided by using <t t>Extract()</tt> instead of <tt>Expand()</tt>. In HPKE's <tt>KeySchedule()</tt> this is avoided by using <tt >Extract()</tt> instead of
<tt>Hash()</tt> on the arbitrary-length inputs <tt>info</tt> and <tt>psk_id</tt> .</t> <tt>Hash()</tt> on the arbitrary-length inputs <tt>info</tt> and <tt>psk_id</tt> .</t>
<t>The string literal "HPKE-v1" used in <tt>LabeledExtract()</tt> and <t t>LabeledExpand()</tt> <t>The string literal "HPKE-v1" used in <tt>LabeledExtract()</tt> and <t t>LabeledExpand()</tt>
ensures that any secrets derived in HPKE are bound to the scheme's name ensures that any secrets derived in HPKE are bound to the scheme's name
and version, even when possibly derived from the same Diffie-Hellman or and version, even when possibly derived from the same Diffie-Hellman or
KEM shared secret as in another scheme or version.</t> KEM shared secret as in another scheme or version.</t>
</section> </section>
<section anchor="non-goals" numbered="true" toc="default"> <section anchor="non-goals" numbered="true" toc="default">
<name>Application Embedding and Non-goals</name> <name>Application Embedding and Non-Goals</name>
<t>HPKE is designed to be a fairly low-level mechanism. As a result, it assumes <t>HPKE is designed to be a fairly low-level mechanism. As a result, it assumes
that certain properties are provided by the application in which HPKE is that certain properties are provided by the application in which HPKE is
embedded and leaves certain security properties to be provided by other embedded and leaves certain security properties to be provided by other
mechanisms. Otherwise said, certain properties are out of scope for HPKE.</t> mechanisms. Otherwise said, certain properties are out-of-scope for HPKE.</t>
<section anchor="message-order-and-message-loss" numbered="true" toc="de fault"> <section anchor="message-order-and-message-loss" numbered="true" toc="de fault">
<name>Message Order and Message Loss</name> <name>Message Order and Message Loss</name>
<t>The primary requirement that HPKE imposes on applications is the re quirement <t>The primary requirement that HPKE imposes on applications is the re quirement
that ciphertexts <bcp14>MUST</bcp14> be presented to <tt>ContextR.Open()</tt> in the same order in that ciphertexts MUST be presented to <tt>ContextR.Open()</tt> in the same order in
which they were generated by <tt>ContextS.Seal()</tt>. When the single-shot API is which they were generated by <tt>ContextS.Seal()</tt>. When the single-shot API is
used (see <xref target="single-shot-apis" format="default"/>), this is trivially true (since there is only used (see <xref target="single-shot-apis" format="default"/>), this is trivially true (since there is only
ever one ciphertext). Applications that allow for multiple invocations of ever one ciphertext. Applications that allow for multiple invocations of
<tt>Open()</tt> / <tt>Seal()</tt> on the same context <bcp14>MUST</bcp14> enforc <tt>Open()</tt> / <tt>Seal()</tt> on the same context MUST enforce the ordering
e the ordering property property
described above.</t> described above.</t>
<t>The ordering requirements of this character are usually fulfilled b y providing a <t>Ordering requirements of this character are usually fulfilled by pr oviding a
sequence number in the framing of encrypted messages. Whatever information is sequence number in the framing of encrypted messages. Whatever information is
used to determine the ordering of HPKE-encrypted messages <bcp14>SHOULD</bcp14> used to determine the ordering of HPKE-encrypted messages SHOULD be included in
be included in the AAD passed to <tt>ContextS.Seal()</tt> and <tt>ContextR.Open()</tt>. The sp
the additional authenticated data (AAD) passed to <tt>ContextS.Seal()</tt> and < ecifics of
tt>ContextR.Open()</tt>. The specifics of
this scheme are up to the application.</t> this scheme are up to the application.</t>
<t>HPKE is not tolerant of lost messages. Applications <bcp14>MUST</bc <t>HPKE is not tolerant of lost messages. Applications MUST be able to
p14> be able to detect when detect when
a message has been lost. When an unrecoverable loss is detected, the applicatio a message has been lost. When an unrecoverable loss is detected, the applicatio
n <bcp14>MUST</bcp14> discard n MUST discard
any associated HPKE context.</t> any associated HPKE context.</t>
</section> </section>
<section anchor="downgrade-prevention" numbered="true" toc="default"> <section anchor="downgrade-prevention" numbered="true" toc="default">
<name>Downgrade Prevention</name> <name>Downgrade Prevention</name>
<t>HPKE assumes that the sender and recipient agree on what algorithms to use. <t>HPKE assumes that the sender and recipient agree on what algorithms to use.
Depending on how these algorithms are negotiated, it may be possible for an Depending on how these algorithms are negotiated, it may be possible for an
intermediary to force the two parties to use suboptimal algorithms.</t> intermediary to force the two parties to use suboptimal algorithms.</t>
</section> </section>
<section anchor="replay-protection" numbered="true" toc="default"> <section anchor="replay-protection" numbered="true" toc="default">
<name>Replay Protection</name> <name>Replay Protection</name>
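Review bot: In the Message Order and Message Loss paragraph, the right column (rfc9180_Richard.xml) drops the closing parenthesis after "ever one ciphertext", so the aside opened at "(since there is only" is never closed; restore the ")". The right column also writes MUST and SHOULD without the <bcp14> element throughout this hunk, and shortens "the additional authenticated data (AAD)" to "the AAD". Keep the left column's <bcp14> markup so the requirement keywords stay machine-identifiable, and keep the expansion where the AAD requirement is stated.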
skipping to change at line 1780 skipping to change at line 1641
in any mode. This means that compromise of long-term recipient secrets allows in any mode. This means that compromise of long-term recipient secrets allows
an attacker to decrypt past ciphertexts encrypted under said secrets. This is be cause an attacker to decrypt past ciphertexts encrypted under said secrets. This is be cause
only long-term secrets are used on the side of the recipient.</t> only long-term secrets are used on the side of the recipient.</t>
<t>HPKE ciphertexts are forward secret with respect to sender compromi se in all <t>HPKE ciphertexts are forward secret with respect to sender compromi se in all
modes. This is because ephemeral randomness is used on the sender's side, which modes. This is because ephemeral randomness is used on the sender's side, which
is supposed to be erased directly after computation of the KEM shared secret and is supposed to be erased directly after computation of the KEM shared secret and
ciphertext.</t> ciphertext.</t>
</section> </section>
<section anchor="bad-ephemeral-randomness" numbered="true" toc="default" > <section anchor="bad-ephemeral-randomness" numbered="true" toc="default" >
<name>Bad Ephemeral Randomness</name> <name>Bad Ephemeral Randomness</name>
<t>If the randomness used for KEM encapsulation is bad -- i.e., of low <t>If the randomness used for KEM encapsulation is bad - i.e., of low
entropy or entropy or
compromised because of a broken or subverted random number generator -- the compromised because of a broken or subverted random number generator - the
confidentiality guarantees of HPKE degrade significantly. In Base mode, confidentiality guarantees of HPKE degrade significantly. In Base mode,
confidentiality guarantees can be lost completely; in the other modes, at least forward secrecy with confidentiality guarantees can be lost completely; in the other modes, at least forward secrecy with
respect to sender compromise can be lost completely.</t> respect to sender compromise can be lost completely.</t>
<t>Such a situation could also lead to the reuse of the same KEM share d secret <t>Such a situation could also lead to the reuse of the same KEM share d secret
and thus to the reuse of same key-nonce pairs for the AEAD. and thus to the reuse of same key-nonce pairs for the AEAD.
The AEADs specified in this document are not secure The AEADs specified in this document are not secure
in case of nonce reuse. This attack vector is particularly relevant in in case of nonce reuse. This attack vector is particularly relevant in
authenticated modes because knowledge of the ephemeral randomness is not authenticated modes because knowledge of the ephemeral randomness is not
enough to derive <tt>shared_secret</tt> in these modes.</t> enough to derive <tt>shared_secret</tt> in these modes.</t>
<t>One way for applications to mitigate the impacts of bad ephemeral r andomness is <t>One way for applications to mitigate the impacts of bad ephemeral r andomness is
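Review bot: In the first paragraph of Bad Ephemeral Randomness, the right column replaces both "--" delimiters around the aside "i.e., of low entropy or compromised because of a broken or subverted random number generator" with a single "-", which reads as a hyphen rather than a dash. Keep the "--" pair from the left column, or set the aside off with commas.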
skipping to change at line 1805 skipping to change at line 1666
<section anchor="hiding-plaintext-length" numbered="true" toc="default"> <section anchor="hiding-plaintext-length" numbered="true" toc="default">
<name>Hiding Plaintext Length</name> <name>Hiding Plaintext Length</name>
<t>AEAD ciphertexts produced by HPKE do not hide the plaintext length. Applications <t>AEAD ciphertexts produced by HPKE do not hide the plaintext length. Applications
requiring this level of privacy should use a suitable padding mechanism. See requiring this level of privacy should use a suitable padding mechanism. See
<xref target="I-D.ietf-tls-esni" format="default"/> and <xref target="RFC8467" f ormat="default"/> for examples of protocol-specific <xref target="I-D.ietf-tls-esni" format="default"/> and <xref target="RFC8467" f ormat="default"/> for examples of protocol-specific
padding policies.</t> padding policies.</t>
</section> </section>
</section> </section>
<section anchor="bidirectional" numbered="true" toc="default"> <section anchor="bidirectional" numbered="true" toc="default">
<name>Bidirectional Encryption</name> <name>Bidirectional Encryption</name>
<t>As discussed in <xref target="hpke-dem" format="default"/>, HPKE encr <t>As discussed in <xref target="hpke-dem" format="default"/>, HPKE encr
yption is unidirectional from the sender yption is unidirectional from sender
to the recipient. Applications that require bidirectional encryption can derive to recipient. Applications that require bidirectional encryption can derive
necessary keying material with the Secret Export interface (<xref target="hpke-e necessary keying material with the secret export interface <xref target="hpke-ex
xport" format="default"/>). port" format="default"/>.
The type and length of such keying material depends on the application use The type and length of such keying material depends on the application use
case.</t> case.</t>
<t>As an example, if an application needs AEAD encryption from the recip <t>As an example, if an application needs AEAD encryption from the recip
ient to the ient to
sender, it can derive a key and nonce from the corresponding HPKE context the sender, it can derive a key and nonce from the corresponding HPKE context
as follows:</t> as follows:</t>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
key = context.Export("response key", Nk) key = context.Export("response key", Nk)
nonce = context.Export("response nonce", Nn) nonce = context.Export("response nonce", Nn)
]]></sourcecode> ]]></artwork>
<t>In this example, the length of each secret is based on the AEAD algor ithm <t>In this example, the length of each secret is based on the AEAD algor ithm
used for the corresponding HPKE context.</t> used for the corresponding HPKE context.</t>
<t>Note that HPKE's limitations with regard to sender authentication bec ome limits <t>Note that HPKE's limitations with regard to sender authentication bec ome limits
on recipient authentication in this context. In particular, in the Base mode, on recipient authentication in this context. In particular, in the Base mode,
there is no authentication of the remote party at all. Even in the Auth mode, there is no authentication of the remote party at all. Even in the Auth mode,
where the remote party has proven that they hold a specific private key, this where the remote party has proven that they hold a specific private key, this
authentication is still subject to key compromise impersonation, as discussed authentication is still subject to key-compromise impersonation, as discussed
in <xref target="kci" format="default"/>.</t> in <xref target="kci" format="default"/>.</t>
</section> </section>
<section anchor="metadata-protection" numbered="true" toc="default"> <section anchor="metadata-protection" numbered="true" toc="default">
<name>Metadata Protection</name> <name>Metadata Protection</name>
<t>The authenticated modes of HPKE (PSK, Auth, and AuthPSK) require that the recipient <t>The authenticated modes of HPKE (PSK, Auth, and AuthPSK) require that the recipient
know what key material to use for the sender. This can be signaled in know what key material to use for the sender. This can be signaled in
applications by sending the PSK ID (<tt>psk_id</tt>) and/or the sender's public applications by sending the PSK ID (<tt>psk_id</tt> above) and/or the sender's p ublic
key (<tt>pkS</tt>). However, these values themselves might be considered sensit ive, key (<tt>pkS</tt>). However, these values themselves might be considered sensit ive,
since, in a given application context, they might identify the sender.</t> since, in a given application context, they might identify the sender.</t>
<t>An application that wishes to protect these metadata values without r equiring <t>An application that wishes to protect these metadata values without r equiring
further provisioning of keys can use an additional instance of HPKE, using the further provisioning of keys can use an additional instance of HPKE, using the
unauthenticated Base mode. Where the application might have sent <tt>(psk_id, p kS, unauthenticated Base mode. Where the application might have sent <tt>(psk_id, p kS,
enc, ciphertext)</tt> before, it would now send <tt>(enc2, ciphertext2, enc, cip hertext)</tt>, enc, ciphertext)</tt> before, it would now send <tt>(enc2, ciphertext2, enc, cip hertext)</tt>,
where <tt>(enc2, ciphertext2)</tt> represent the encryption of the <tt>psk_id</t t> and <tt>pkS</tt> where <tt>(enc2, ciphertext2)</tt> represent the encryption of the <tt>psk_id</t t> and <tt>pkS</tt>
values.</t> values.</t>
<t>The cost of this approach is an additional KEM operation, each for th e sender and <t>The cost of this approach is an additional KEM operation each for the sender and
the recipient. A potential lower-cost approach (involving only symmetric the recipient. A potential lower-cost approach (involving only symmetric
operations) would be available if the nonce-protection schemes in <xref target=" BNT19" format="default"/> operations) would be available if the nonce-protection schemes in <xref target=" BNT19" format="default"/>
could be extended to cover other metadata. However, this construction would could be extended to cover other metadata. However, this construction would
require further analysis.</t> require further analysis.</t>
</section> </section>
</section> </section>
<section anchor="message-encoding" numbered="true" toc="default"> <section anchor="message-encoding" numbered="true" toc="default">
<name>Message Encoding</name> <name>Message Encoding</name>
<t>This document does not specify a wire format encoding for HPKE messages . Applications <t>This document does not specify a wire format encoding for HPKE messages . Applications
that adopt HPKE must therefore specify an unambiguous encoding mechanism that in cludes, that adopt HPKE must therefore specify an unambiguous encoding mechanism that in cludes,
minimally, the encapsulated value <tt>enc</tt>, ciphertext value(s) (and order i f there are minimally: the encapsulated value <tt>enc</tt>, ciphertext value(s) (and order i f there are
multiple), and any info values that are not implicit. One example of a non-impli cit multiple), and any info values that are not implicit. One example of a non-impli cit
value is the recipient public key used for encapsulation, which may be needed if a value is the recipient public key used for encapsulation, which may be needed if a
recipient has more than one public key.</t> recipient has more than one public key.</t>
<t>The AEAD interface used in this document is based on <xref target="RFC5 116" format="default"/>, which produces and <t>The AEAD interface used in this document is based on <xref target="RFC5 116" format="default"/>, which produces and
consumes a single ciphertext value. As discussed in <xref target="RFC5116" forma t="default"/>, this ciphertext value consumes a single ciphertext value. As discussed in <xref target="RFC5116" forma t="default"/>, this ciphertext value
contains the encrypted plaintext, as well as any authentication data encoded in a manner contains the encrypted plaintext as well as any authentication data, encoded in a manner
described by the individual AEAD scheme. Some implementations are not structured in this described by the individual AEAD scheme. Some implementations are not structured in this
way, instead provide a separate ciphertext and authentication tag. When such way, instead providing a separate ciphertext and authentication tag. When such
AEAD implementations are used in HPKE implementations, the HPKE implementation m ust combine AEAD implementations are used in HPKE implementations, the HPKE implementation m ust combine
these inputs into a single ciphertext value within <tt>Seal()</tt> and parse the m out within these inputs into a single ciphertext value within <tt>Seal()</tt> and parse the m out within
<tt>Open()</tt>, where the parsing details are defined by the AEAD scheme. For e xample, with <tt>Open()</tt>, where the parsing details are defined by the AEAD scheme. For e xample, with
the AES-GCM schemes specified in this document, the GCM authentication tag is pl aced in the AES-GCM schemes specified in this document, the GCM authentication tag is pl aced in
the last Nt bytes of the ciphertext output.</t> the last Nt bytes of the ciphertext output.</t>
</section> </section>
<section anchor="iana" numbered="true" toc="default"> <section anchor="iana" numbered="true" toc="default">
<name>IANA Considerations</name> <name>IANA Considerations</name>
<t>IANA has created three new registries:</t> <t>IANA has created three new registries:</t>
<ul spacing="normal"> <ul spacing="normal">
<li>HPKE KEM Identifiers</li> <li>HPKE KEM Identifiers</li>
<li>HPKE KDF Identifiers</li> <li>HPKE KDF Identifiers</li>
<li>HPKE AEAD Identifiers</li> <li>HPKE AEAD Identifiers</li>
</ul> </ul>
<t>All these registries are under "Hybrid Public Key <t>All these registries are under "Hybrid Public Key
Encryption" and administered under a Specification Required policy <xref target= "RFC8126" format="default"/>.</t> Encryption", and administered under a Specification Required policy <xref target ="RFC8126" format="default"/></t>
<section anchor="kem-template" numbered="true" toc="default"> <section anchor="kem-template" numbered="true" toc="default">
<name>KEM Identifiers</name> <name>KEM Identifiers</name>
<t>The "HPKE KEM Identifiers" registry lists identifiers for key encapsu lation <t>The "HPKE KEM Identifiers" registry lists identifiers for key encapsu lation
algorithms defined for use with HPKE. These identifiers are two-byte values, algorithms defined for use with HPKE. These identifiers are two-byte values,
so the maximum possible value is 0xFFFF = 65535.</t> so the maximum possible value is 0xFFFF = 65535.</t>
<dl newline="true" spacing="normal"> <t>Template:</t>
<dt>Template:</dt> <ul spacing="normal">
<dd> <li>Value: The two-byte identifier for the algorithm</li>
<dl newline="false" spacing="normal"> <li>KEM: The name of the algorithm</li>
<dt>Value:</dt> <li>Nsecret: The length in bytes of a KEM shared secret produced by th
<dd>the two-byte identifier for the algorithm</dd> e algorithm</li>
<dt>KEM:</dt> <li>Nenc: The length in bytes of an encoded encapsulated key produced
<dd>the name of the algorithm</dd> by the algorithm</li>
<dt>Nsecret:</dt> <li>Npk: The length in bytes of an encoded public key for the algorith
<dd>the length in bytes of a KEM shared secret produced by the algo m</li>
rithm</dd> <li>Nsk: The length in bytes of an encoded private key for the algorit
<dt>Nenc:</dt> hm</li>
<dd>the length in bytes of an encoded encapsulated key produced by <li>Auth: A boolean indicating if this algorithm provides the <tt>Auth
the Encap()</tt>/<tt>AuthDecap()</tt> interface</li>
algorithm</dd> <li>Reference: Where this algorithm is defined</li>
<dt>Npk:</dt> </ul>
<dd>the length in bytes of an encoded public key for the algorithm< <t>Initial contents: Provided in <xref target="kemid-values" format="def
/dd> ault"/></t>
<dt>Nsk:</dt>
<dd>the length in bytes of an encoded private key for the algorithm
</dd>
<dt>Auth:</dt>
<dd>a boolean indicating if this algorithm provides the
<tt>AuthEncap()</tt>/<tt>AuthDecap()</tt> interface</dd>
<dt>Reference:</dt>
<dd>where this algorithm is defined</dd>
</dl>
</dd>
</dl>
<dl newline="false" spacing="normal">
<dt>Initial contents:</dt>
<dd>Provided in <xref target="kemid-values" format="default"/></dd>
</dl>
</section> </section>
<section anchor="kdf-identifiers" numbered="true" toc="default"> <section anchor="kdf-identifiers" numbered="true" toc="default">
<name>KDF Identifiers</name> <name>KDF Identifiers</name>
<t>The "HPKE KDF Identifiers" registry lists identifiers for key derivat ion <t>The "HPKE KDF Identifiers" registry lists identifiers for key derivat ion
functions defined for use with HPKE. These identifiers are two-byte values, functions defined for use with HPKE. These identifiers are two-byte values,
so the maximum possible value is 0xFFFF = 65535.</t> so the maximum possible value is 0xFFFF = 65535.</t>
<dl newline="true" spacing="normal"> <t>Template:</t>
<dt>Template:</dt> <ul spacing="normal">
<dd> <li>Value: The two-byte identifier for the algorithm</li>
<dl newline="false" spacing="normal"> <li>KDF: The name of the algorithm</li>
<dt>Value:</dt> <li>Nh: The output size of the Extract function in bytes</li>
<dd>the two-byte identifier for the algorithm</dd> <li>Reference: Where this algorithm is defined</li>
<dt>KDF:</dt> </ul>
<dd>the name of the algorithm</dd> <t>Initial contents: Provided in <xref target="kdfid-values" format="def
<dt>Nh:</dt> ault"/></t>
<dd>the output size of the Extract function in bytes</dd>
<dt>Reference:</dt>
<dd>where this algorithm is defined</dd>
</dl>
</dd>
</dl>
<dl newline="false" spacing="normal">
<dt>Initial contents:</dt>
<dd>Provided in <xref target="kdfid-values" format="default"/></dd>
</dl>
</section> </section>
<section anchor="aead-identifiers" numbered="true" toc="default"> <section anchor="aead-identifiers" numbered="true" toc="default">
<name>AEAD Identifiers</name> <name>AEAD Identifiers</name>
<t>The "HPKE AEAD Identifiers" registry lists identifiers for authentica ted <t>The "HPKE AEAD Identifiers" registry lists identifiers for authentica ted
encryption with associated data (AEAD) algorithms defined for use with HPKE. encryption with associated data (AEAD) algorithms defined for use with HPKE.
These identifiers are two-byte values, so the maximum possible value is These identifiers are two-byte values, so the maximum possible value is
0xFFFF = 65535.</t> 0xFFFF = 65535.</t>
<dl newline="true" spacing="normal"> <t>Template:</t>
<dt>Template:</dt> <ul spacing="normal">
<dd> <li>Value: The two-byte identifier for the algorithm</li>
<dl newline="false" spacing="normal"> <li>AEAD: The name of the algorithm</li>
<dt>Value:</dt> <li>Nk: The length in bytes of a key for this algorithm</li>
<dd>the two-byte identifier for the algorithm</dd> <li>Nn: The length in bytes of a nonce for this algorithm</li>
<dt>AEAD:</dt> <li>Nt: The length in bytes of an authentication tag for this algorith
<dd>the name of the algorithm</dd> m</li>
<dt>Nk:</dt> <li>Reference: Where this algorithm is defined</li>
<dd>the length in bytes of a key for this algorithm</dd> </ul>
<dt>Nn:</dt> <t>Initial contents: Provided in <xref target="aeadid-values" format="de
<dd>the length in bytes of a nonce for this algorithm</dd> fault"/></t>
<dt>Nt:</dt>
<dd>the length in bytes of an authentication tag for this algorithm
</dd>
<dt>Reference:</dt>
<dd>where this algorithm is defined</dd>
</dl>
</dd>
</dl>
<dl newline="false" spacing="normal">
<dt>Initial contents:</dt>
<dd>Provided in <xref target="aeadid-values" format="default"/></dd>
</dl>
</section> </section>
</section> </section>
</middle> </middle>
<back> <back>
<displayreference target="I-D.ietf-mls-protocol" to="MLS-PROTOCOL"/>
<displayreference target="I-D.ietf-tls-esni" to="TLS-ESNI"/>
<references> <references>
<name>References</name> <name>References</name>
<references> <references>
<name>Normative References</name> <name>Normative References</name>
<reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119. 119">
xml"/> <front>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174. <title>Key words for use in RFCs to Indicate Requirement Levels</tit
xml"/> le>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8017. <author fullname="S. Bradner" initials="S." surname="Bradner">
xml"/> <organization/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5116. </author>
xml"/> <date month="March" year="1997"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8126. <abstract>
xml"/> <t>In many standards track documents several words are used to sig
nify the requirements in the specification. These words are often capitalized.
This document defines these words as they should be interpreted in IETF document
s. This document specifies an Internet Best Current Practices for the Internet
Community, and requests discussion and suggestions for improvements.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="14"/>
<seriesInfo name="RFC" value="2119"/>
<seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>
<reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8
174">
<front>
<title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</ti
tle>
<author fullname="B. Leiba" initials="B." surname="Leiba">
<organization/>
</author>
<date month="May" year="2017"/>
<abstract>
<t>RFC 2119 specifies common key words that may be used in protoco
l specifications. This document aims to reduce the ambiguity by clarifying tha
t only UPPERCASE usage of the key words have the defined special meanings.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="14"/>
<seriesInfo name="RFC" value="8174"/>
<seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>
<reference anchor="RFC8017" target="https://www.rfc-editor.org/info/rfc8
017">
<front>
<title>PKCS #1: RSA Cryptography Specifications Version 2.2</title>
<author fullname="K. Moriarty" initials="K." role="editor" surname="
Moriarty">
<organization/>
</author>
<author fullname="B. Kaliski" initials="B." surname="Kaliski">
<organization/>
</author>
<author fullname="J. Jonsson" initials="J." surname="Jonsson">
<organization/>
</author>
<author fullname="A. Rusch" initials="A." surname="Rusch">
<organization/>
</author>
<date month="November" year="2016"/>
<abstract>
<t>This document provides recommendations for the implementation o
f public-key cryptography based on the RSA algorithm, covering cryptographic pri
mitives, encryption schemes, signature schemes with appendix, and ASN.1 syntax f
or representing keys and for identifying the schemes.</t>
<t>This document represents a republication of PKCS #1 v2.2 from R
SA Laboratories' Public-Key Cryptography Standards (PKCS) series. By publishing
this RFC, change control is transferred to the IETF.</t>
<t>This document also obsoletes RFC 3447.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8017"/>
<seriesInfo name="DOI" value="10.17487/RFC8017"/>
</reference>
<reference anchor="RFC5116" target="https://www.rfc-editor.org/info/rfc5
116">
<front>
<title>An Interface and Algorithms for Authenticated Encryption</tit
le>
<author fullname="D. McGrew" initials="D." surname="McGrew">
<organization/>
</author>
<date month="January" year="2008"/>
<abstract>
<t>This document defines algorithms for Authenticated Encryption w
ith Associated Data (AEAD), and defines a uniform interface and a registry for s
uch algorithms. The interface and registry can be used as an application-indepe
ndent set of cryptoalgorithm suites. This approach provides advantages in effic
iency and security, and promotes the reuse of crypto implementations. [STANDARD
S-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="5116"/>
<seriesInfo name="DOI" value="10.17487/RFC5116"/>
</reference>
<reference anchor="RFC8126" target="https://www.rfc-editor.org/info/rfc8
126">
<front>
<title>Guidelines for Writing an IANA Considerations Section in RFCs
</title>
<author fullname="M. Cotton" initials="M." surname="Cotton">
<organization/>
</author>
<author fullname="B. Leiba" initials="B." surname="Leiba">
<organization/>
</author>
<author fullname="T. Narten" initials="T." surname="Narten">
<organization/>
</author>
<date month="June" year="2017"/>
<abstract>
<t>Many protocols make use of points of extensibility that use con
stants to identify various protocol parameters. To ensure that the values in th
ese fields do not have conflicting uses and to promote interoperability, their a
llocations are often coordinated by a central record keeper. For IETF protocols
, that role is filled by the Internet Assigned Numbers Authority (IANA).</t>
<t>To make assignments in a given registry prudently, guidance des
cribing the conditions under which new values should be assigned, as well as whe
n and how modifications to existing values can be made, is needed. This documen
t defines a framework for the documentation of these guidelines by specification
authors, in order to assure that the provided guidance for the IANA Considerati
ons is clear and addresses the various issues that are likely in the operation o
f a registry.</t>
<t>This is the third edition of this document; it obsoletes RFC 52
26.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="26"/>
<seriesInfo name="RFC" value="8126"/>
<seriesInfo name="DOI" value="10.17487/RFC8126"/>
</reference>
</references> </references>
<references> <references>
<name>Informative References</name> <name>Informative References</name>
<reference anchor="CS01" target="https://eprint.iacr.org/2001/108"> <reference anchor="CS01" target="https://eprint.iacr.org/2001/108">
<front> <front>
<title>Design and Analysis of Practical Public-Key Encryption Scheme s Secure against Adaptive Chosen Ciphertext Attack</title> <title>Design and Analysis of Practical Public-Key Encryption Scheme s Secure against Adaptive Chosen Ciphertext Attack</title>
<author initials="R." surname="Cramer" fullname="Ronald Cramer"> <author initials="R." surname="Cramer" fullname="Ronald Cramer">
<organization/> <organization/>
</author> </author>
<author initials="V." surname="Shoup" fullname="Victor Shoup"> <author initials="V." surname="Shoup" fullname="Victor Shoup">
<organization/> <organization/>
</author> </author>
<date year="2001" month="December"/> <date year="2001"/>
</front> </front>
</reference> </reference>
<reference anchor="HHK06" target="https://eprint.iacr.org/2006/265"> <reference anchor="HHK06" target="https://eprint.iacr.org/2006/265">
<front> <front>
<title>Some (in)sufficient conditions for secure hybrid encryption.< /title> <title>Some (in)sufficient conditions for secure hybrid encryption</ title>
<author initials="J." surname="Herranz" fullname="Javier Herranz"> <author initials="J." surname="Herranz" fullname="Javier Herranz">
<organization/> <organization/>
</author> </author>
<author initials="D." surname="Hofheinz" fullname="Dennis Hofheinz"> <author initials="D." surname="Hofheinz" fullname="Dennis Hofheinz">
<organization/> <organization/>
</author> </author>
<author initials="E." surname="Kiltz" fullname="Eike Kiltz"> <author initials="E." surname="Kiltz" fullname="Eike Kiltz">
<organization/> <organization/>
</author> </author>
<date year="2006" month="August"/> <date year="2006"/>
</front> </front>
</reference> </reference>
<reference anchor="GAP" target="https://link.springer.com/content/pdf/10 .1007/3-540-44586-2_8.pdf"> <reference anchor="GAP" target="https://link.springer.com/content/pdf/10 .1007/3-540-44586-2_8.pdf">
<front> <front>
<title>The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes</title> <title>The Gap-Problems - a New Class of Problems for the Security o f Cryptographic Schemes</title>
<author initials="T." surname="Okamoto" fullname="Tatsuaki Okamoto"> <author initials="T." surname="Okamoto" fullname="Tatsuaki Okamoto">
<organization/> <organization/>
</author> </author>
<author initials="D." surname="Pointcheval" fullname="David Pointche val"> <author initials="D." surname="Pointcheval" fullname="David Pointche val">
<organization/> <organization/>
</author> </author>
<date year="2001" month="June"/> <date year="2001"/>
</front> </front>
<seriesInfo name="ISBN" value="978-3-540-44586-9"/> <seriesInfo name="ISBN" value="978-3-540-44586-9"/>
</reference> </reference>
<reference anchor="ANSI"> <reference anchor="ANSI">
<front> <front>
<title>ANSI - X9.63 Public Key Cryptography for the Financial Servic es Industry Key Agreement and Key Transport Using Elliptic Curve Cryptography</t itle> <title>ANSI X9.63 Public Key Cryptography for the Financial Services Industry -- Key Agreement and Key Transport Using Elliptic Curve Cryptography</ title>
<author> <author>
<organization>American National Standards Institute (ANSI)</organi zation> <organization>American National Standards Institute</organization>
</author> </author>
<date year="2001" month="November"/> <date year="2001"/>
</front> </front>
</reference> </reference>
<reference anchor="IEEE1363"> <reference anchor="IEEE1363">
<front> <front>
<title>IEEE Standard Specifications for Public-Key Cryptography - Am endment 1: Additional Techniques</title> <title>IEEE 1363a, Standard Specifications for Public Key Cryptograp hy - Amendment 1 -- Additional Techniques"</title>
<author> <author>
<organization>IEEE</organization> <organization>Institute of Electrical and Electronics Engineers</o rganization>
</author> </author>
<date year="2004"/>
</front> </front>
<seriesInfo name="IEEE Std" value="1363a-2004"/>
</reference> </reference>
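Review bot: the right-hand (rfc9180_Richard.xml) title for IEEE1363 ends with a stray double quote after "Additional Techniques", just before the closing title tag, and it will render literally in the reference list. Remove it, and keep the date year="2004" and seriesInfo name="IEEE Std" value="1363a-2004" from the left-hand side so the standard number is not carried only inside the title string.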
<reference anchor="ISO"> <reference anchor="ISO">
<front> <front>
<title>Information technology - Security techniques - Encryption alg orithms - Part 2: Asymmetric ciphers</title> <title>ISO/IEC 18033-2, Information Technology - Security Techniques - Encryption Algorithms - Part 2 -- Asymmetric Ciphers</title>
<author> <author>
<organization>International Organization for Standardization</orga nization> <organization>International Organization for Standardization / Int ernational Electrotechnical Commission</organization>
</author> </author>
<date year="2006" month="May"/> <date year="2006"/>
</front> </front>
<seriesInfo name="ISO/IEC" value="18033-2:2006"/>
</reference> </reference>
<reference anchor="SECG" target="https://secg.org/sec1-v2.pdf"> <reference anchor="SECG" target="https://secg.org/sec1-v2.pdf">
<front> <front>
<title>SEC 1: Elliptic Curve Cryptography, </title> <title>Elliptic Curve Cryptography, Standards for Efficient Cryptogr aphy Group, ver. 2</title>
<author> <author>
<organization>Standards for Efficient Cryptography Group</organiza tion> <organization/>
</author> </author>
<date year="2009" month="May"/> <date year="2009"/>
</front> </front>
<refcontent>Version 2</refcontent>
</reference> </reference>
<reference anchor="BHK09" target="https://eprint.iacr.org/2009/418"> <reference anchor="BHK09" target="https://eprint.iacr.org/2009/418">
<front> <front>
<title>Subtleties in the Definition of IND-CCA: When and How Should Challenge-Decryption be Disallowed?</title> <title>Subtleties in the Definition of IND-CCA: When and How Should Challenge-Decryption be Disallowed?</title>
<author initials="M." surname="Bellare" fullname="Mihir Bellare"> <author initials="." surname="Mihir Bellare">
<organization>University of California San Diego</organization> <organization>University of California San Diego</organization>
</author> </author>
<author initials="D." surname="Hofheinz" fullname="Dennis Hofheinz"> <author initials="." surname="Dennis Hofheinz">
<organization>CWI Amsterdam</organization> <organization>CWI Amsterdam</organization>
</author> </author>
<author initials="E." surname="Kiltz" fullname="Eike Kiltz"> <author initials="." surname="Eike Kiltz">
<organization>CWI Amsterdam</organization> <organization>CWI Amsterdam</organization>
</author> </author>
<date year="2009" month="August"/> <date year="2009"/>
</front> </front>
</reference> </reference>
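Review bot: in the right-hand BHK09 entry all three author elements have initials="." with the full name placed in surname (for example surname="Mihir Bellare") and no fullname attribute, so the names will not sort or abbreviate correctly. Use the left-hand form with separate attributes, e.g. initials="M." surname="Bellare" fullname="Mihir Bellare".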
<reference anchor="SigncryptionDZ10"> <reference anchor="SigncryptionDZ10">
<front> <front>
<title>Practical Signcryption</title> <title>Practical Signcryption</title>
<author initials="A." surname="Dent" fullname="Alexander W. Dent"></ <author>
author> <organization/>
<author initials="Y." surname="Zheng" fullname="Yuliang Zheng"></auth </author>
or> <date year="2010"/>
<date year="2010" month="November"/>
</front> </front>
<seriesInfo name="DOI" value="10.1007/978-3-540-89411-7"/> <seriesInfo name="Information Security and" value="Cryptography"/>
<refcontent>Information Security and Cryptography</refcontent> <seriesInfo name="DOI" value="10.1007/978-3-540-89411-7"/>
</reference> </reference>
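Review bot: the right-hand SigncryptionDZ10 entry has a single author element with no name attributes, which drops Dent and Zheng, and it splits the series title across seriesInfo name="Information Security and" and value="Cryptography". Keep the two named authors and carry the series title in refcontent as on the left. The same misuse of seriesInfo for free text recurs in the right-hand IMB, keyagreement, NISTCurves, GCM and BJM97 entries.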
<reference anchor="HPKEAnalysis" target="https://eprint.iacr.org/2020/24 3"> <reference anchor="HPKEAnalysis" target="https://eprint.iacr.org/2020/24 3">
<front> <front>
<title>An Analysis of Hybrid Public Key Encryption</title> <title>An Analysis of Hybrid Public Key Encryption</title>
<author initials="B." surname="Lipp" fullname="Benjamin Lipp"> <author initials="B." surname="Lipp" fullname="Benjamin Lipp">
<organization>Inria Paris</organization> <organization>Inria Paris</organization>
</author> </author>
<date year="2020" month="February"/> <date year="2020"/>
</front> </front>
</reference> </reference>
<reference anchor="ABHKLR20" target="https://eprint.iacr.org/2020/1499"> <reference anchor="ABHKLR20" target="https://eprint.iacr.org/2020/1499">
<front> <front>
<title>Analysing the HPKE Standard</title> <title>Analysing the HPKE Standard</title>
<author initials="J." surname="Alwen" fullname="Joël Alwen"> <author initials="J." surname="Alwen" fullname="Joël Alwen">
<organization>Wickr</organization> <organization>Wickr</organization>
</author> </author>
<author initials="B." surname="Blanchet" fullname="Bruno Blanchet"> <author initials="B." surname="Blanchet" fullname="Bruno Blanchet">
<organization>Inria Paris</organization> <organization>Inria Paris</organization>
</author> </author>
<author initials="E." surname="Hauck" fullname="Eduard Hauck"> <author initials="E." surname="Hauck" fullname="Eduard Hauck">
skipping to change at line 2130 skipping to change at line 2019
</author> </author>
<author initials="E." surname="Kiltz" fullname="Eike Kiltz"> <author initials="E." surname="Kiltz" fullname="Eike Kiltz">
<organization>Ruhr-Universität Bochum</organization> <organization>Ruhr-Universität Bochum</organization>
</author> </author>
<author initials="B." surname="Lipp" fullname="Benjamin Lipp"> <author initials="B." surname="Lipp" fullname="Benjamin Lipp">
<organization>Inria Paris</organization> <organization>Inria Paris</organization>
</author> </author>
<author initials="D." surname="Riepel" fullname="Doreen Riepel"> <author initials="D." surname="Riepel" fullname="Doreen Riepel">
<organization>Ruhr-Universität Bochum</organization> <organization>Ruhr-Universität Bochum</organization>
</author> </author>
<date year="2020" month="November"/> <date year="2020"/>
</front> </front>
</reference> </reference>
<reference anchor="MAEA10" target="https://ieeexplore.ieee.org/abstract/ document/5604194/"> <reference anchor="MAEA10" target="https://ieeexplore.ieee.org/abstract/ document/5604194/">
<front> <front>
<title>A comparison of the standardized versions of ECIES</title> <title>A Comparison of the Standardized Versions of ECIES</title>
<author initials="V." surname="Gayoso Martinez" fullname="V. Gayoso Martinez"> <author initials="V." surname="Gayoso Martinez" fullname="V. Gayoso Martinez">
<organization>Applied Physics Institute, CSIC, Madrid, Spain</orga nization> <organization>Applied Physics Institute, CSIC, Madrid, Spain</orga nization>
</author> </author>
<author initials="F." surname="Hernandez Alvarez" fullname="F. Herna ndez Alvarez"> <author initials="F." surname="Hernandez Alvarez" fullname="F. Herna ndez Alvarez">
<organization>Applied Physics Institute, CSIC, Madrid, Spain</orga nization> <organization>Applied Physics Institute, CSIC, Madrid, Spain</orga nization>
</author> </author>
<author initials="L." surname="Hernandez Encinas" fullname="L. Herna ndez Encinas"> <author initials="L." surname="Hernandez Encinas" fullname="L. Herna ndez Encinas">
<organization>Applied Physics Institute, CSIC, Madrid, Spain</orga nization> <organization>Applied Physics Institute, CSIC, Madrid, Spain</orga nization>
</author> </author>
<author initials="C." surname="Sanchez Avila" fullname="C. Sanchez A vila"> <author initials="C." surname="Sanchez Avila" fullname="C. Sanchez A vila">
<organization>Polytechnic University, Madrid, Spain</organization> <organization>Polytechnic University, Madrid, Spain</organization>
</author> </author>
<date year="2010" month="October"/> <date year="2010"/>
</front> </front>
</reference> </reference>
<reference anchor="BNT19" target="http://dx.doi.org/10.1007/978-3-030-26 948-7_9"> <reference anchor="BNT19" target="http://dx.doi.org/10.1007/978-3-030-26 948-7_9">
<front> <front>
<title>Nonces Are Noticed: AEAD Revisited</title> <title>Nonces Are Noticed: AEAD Revisited</title>
<author initials="M." surname="Bellare" fullname="Mihir Bellare"> <author initials="M." surname="Bellare" fullname="Mihir Bellare">
<organization>University of California, San Diego</organization> <organization>University of California, San Diego</organization>
</author> </author>
<author initials="R." surname="Ng" fullname="Ruth Ng"> <author initials="R." surname="Ng" fullname="Ruth Ng">
<organization>University of California, San Diego</organization> <organization>University of California, San Diego</organization>
</author> </author>
<author initials="B." surname="Tackmann" fullname="Björn Tackmann"> <author initials="B." surname="Tackmann" fullname="Björn Tackmann">
<organization>IBM Research</organization> <organization>IBM Research</organization>
</author> </author>
<date year="2019" month="August"/> <date year="2019"/>
</front> </front>
</reference> </reference>
<reference anchor="IMB"> <reference anchor="IMB">
<front> <front>
<title>Authentication and authenticated key exchanges</title> <title>Authentication and authenticated key exchanges</title>
<author fullname="Whitfield Diffie" initials="W." surname="Diffie"> <author fullname="Whitfield Diffie" initials="W." surname="Diffie">
<organization/> <organization/>
</author> </author>
<author fullname="Paul C. Van Oorschot" initials="P." surname="Van O orschot"> <author fullname="Paul C. Van Oorschot" initials="P." surname="Van O orschot">
<organization/> <organization/>
</author> </author>
<author fullname="Michael J. Wiener" initials="M." surname="Wiener"> <author fullname="Michael J. Wiener" initials="M." surname="Wiener">
<organization/> <organization/>
</author> </author>
<date month="June" year="1992"/> <date month="June" year="1992"/>
</front> </front>
<seriesInfo name="DOI" value="10.1007/bf00124891"/> <seriesInfo name="Designs, Codes and Cryptography" value="Vol. 2, pp.
<refcontent>Designs, Codes and Cryptography, Vol. 2, pp. 107-125</refc 107-125"/>
ontent> <seriesInfo name="DOI" value="10.1007/bf00124891"/>
</reference> </reference>
<reference anchor="LGR20" target="https://eprint.iacr.org/2020/1491">
<reference anchor="LGR20">
<front> <front>
<title>Partitioning Oracle Attacks</title> <title>Partitioning Oracle Attacks</title>
<author initials="J." surname="Len" fullname="Julia Len"> <author initials="J." surname="Len" fullname="Julia Len">
<organization>Cornell Tech</organization> <organization>Cornell Tech</organization>
</author> </author>
<author initials="P." surname="Grubbs" fullname="Paul Grubbs"> <author initials="P." surname="Grubbs" fullname="Paul Grubbs">
<organization>Cornell Tech</organization> <organization>Cornell Tech</organization>
</author> </author>
<author initials="T." surname="Ristenpart" fullname="Thomas Ristenpa rt"> <author initials="T." surname="Ristenpart" fullname="Thomas Ristenpa rt">
<organization>Cornell Tech</organization> <organization>Cornell Tech</organization>
</author> </author>
<date year="2021"/>
</front> </front>
</reference> </reference>
<reference anchor="TestVectors" target="https://github.com/cfrg/draft-ir tf-cfrg-hpke/blob/5f503c564da00b0687b3de75f1dfbdfc4079ad31/test-vectors.json"> <reference anchor="TestVectors" target="https://github.com/cfrg/draft-ir tf-cfrg-hpke/blob/5f503c564da00b0687b3de75f1dfbdfc4079ad31/test-vectors.json">
<front> <front>
<title>HPKE Test Vectors</title> <title>HPKE Test Vectors</title>
<author> <author>
<organization/> <organization/>
</author> </author>
<date year="2021"/>
</front> </front>
</reference> </reference>
<reference anchor="keyagreement"> <reference anchor="keyagreement">
<front> <front>
<title>Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography</title> <title>Recommendation for pair-wise key-establishment schemes using discrete logarithm cryptography</title>
<author fullname="Elaine Barker" initials="E." surname="Barker"> <author fullname="Elaine Barker" initials="E." surname="Barker">
<organization/> <organization/>
</author> </author>
<author fullname="Lily Chen" initials="L." surname="Chen"> <author fullname="Lily Chen" initials="L." surname="Chen">
<organization/> <organization/>
</author> </author>
<author fullname="Allen Roginsky" initials="A." surname="Roginsky"> <author fullname="Allen Roginsky" initials="A." surname="Roginsky">
<organization/> <organization/>
</author> </author>
<author fullname="Apostol Vassilev" initials="A." surname="Vassilev" > <author fullname="Apostol Vassilev" initials="A." surname="Vassilev" >
<organization/> <organization/>
</author> </author>
<author fullname="Richard Davis" initials="R." surname="Davis"> <author fullname="Richard Davis" initials="R." surname="Davis">
<organization/> <organization/>
</author> </author>
<date month="April" year="2018"/> <date month="April" year="2018"/>
</front> </front>
<seriesInfo name="DOI" value="10.6028/nist.sp.800-56ar3"/> <seriesInfo name="National Institute of Standards and Technology" valu
<refcontent>NIST Special Publication 800-56A Revision 3</refcontent> e="report"/>
<seriesInfo name="DOI" value="10.6028/nist.sp.800-56ar3"/>
</reference> </reference>
<reference anchor="NISTCurves"> <reference anchor="NISTCurves">
<front> <front>
<title>Digital Signature Standard (DSS)</title> <title>Digital Signature Standard (DSS)</title>
<author> <author>
<organization>National Institute of Standards and Technology <organization/>
(NIST)</organization>
</author> </author>
<date month="July" year="2013"/> <date month="July" year="2013"/>
</front> </front>
<seriesInfo name="DOI" value="10.6028/nist.fips.186-4"/> <seriesInfo name="National Institute of Standards and Technology" valu
<seriesInfo name="FIPS PUB" value="186-4"/> e="report"/>
<seriesInfo name="DOI" value="10.6028/nist.fips.186-4"/>
</reference> </reference>
<reference anchor="GCM"> <reference anchor="GCM">
<front> <front>
<title>Recommendation for Block Cipher Modes of Operation: Galois/Co <title>Recommendation for block cipher modes of operation :: GaloisC
unter Mode (GCM) and GMAC</title> ounter Mode (GCM) and GMAC</title>
<author fullname="M. J. Dworkin" initials="M." surname="Dworkin"> <author fullname="M J Dworkin" initials="M." surname="Dworkin">
<organization/> <organization/>
</author> </author>
<date year="2007" month="November"/> <date year="2007"/>
</front> </front>
<seriesInfo name="DOI" value="10.6028/nist.sp.800-38d"/> <seriesInfo name="National Institute of Standards and Technology" valu
<seriesInfo name="SP" value="800-38D"/> e="report"/>
<seriesInfo name="DOI" value="10.6028/nist.sp.800-38d"/>
</reference> </reference>
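Review bot: the right-hand GCM title reads "operation :: GaloisCounter Mode", with a doubled colon and the slash in "Galois/Counter" lost; keep the left-hand title "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC". The right-hand seriesInfo value="report" under the NIST name also hides the publication number that the left-hand side states as SP 800-38D.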
<reference anchor="NaCl" target="https://nacl.cr.yp.to/box.html"> <reference anchor="NaCl" target="https://nacl.cr.yp.to/box.html">
<front> <front>
<title>Public-key authenticated encryption: crypto_box</title> <title>Public-key authenticated encryption: crypto_box</title>
<author> <author>
<organization/> <organization/>
</author> </author>
<date year="2019" month="March"/> <date year="2019"/>
</front> </front>
</reference> </reference>
<reference anchor="RFC1421" target="https://www.rfc-editor.org/info/rfc1
421">
<front>
<title>Privacy Enhancement for Internet Electronic Mail: Part I: Mes
sage Encryption and Authentication Procedures</title>
<author fullname="J. Linn" initials="J." surname="Linn">
<organization/>
</author>
<date month="February" year="1993"/>
<abstract>
<t>This document defines message encryption and authentication pro
cedures, in order to provide privacy-enhanced mail (PEM) services for electronic
mail transfer in the Internet. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="1421"/>
<seriesInfo name="DOI" value="10.17487/RFC1421"/>
</reference>
<reference anchor="I-D.ietf-mls-protocol" target="https://www.ietf.org/a
rchive/id/draft-ietf-mls-protocol-12.txt">
<front>
<title>The Messaging Layer Security (MLS) Protocol</title>
<author fullname="Richard Barnes">
<organization>Cisco</organization>
</author>
<author fullname="Benjamin Beurdouche">
<organization>Inria &amp; Mozilla</organization>
</author>
<author fullname="Raphael Robert">
</author>
<author fullname="Jon Millican">
<organization>Facebook</organization>
</author>
<author fullname="Emad Omara">
<organization>Google</organization>
</author>
<author fullname="Katriel Cohn-Gordon">
<organization>University of Oxford</organization>
</author>
<date day="11" month="October" year="2021"/>
<abstract>
<t> Messaging applications are increasingly making use of end-to
-end
security mechanisms to ensure that messages are only accessible to
the communicating endpoints, and not to any servers involved in
delivering messages. Establishing keys to provide such protections
is challenging for group chat settings, in which more than two
clients need to agree on a key but may not be online at the same
time. In this document, we specify a key establishment protocol that
provides efficient asynchronous group key establishment with forward
secrecy and post-compromise security for groups in size ranging from
two to thousands.
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.1421. </t>
xml"/> </abstract>
</front>
<!-- [I-D.ietf-mls-protocol] IESG state I-D Exists --> <seriesInfo name="Internet-Draft" value="draft-ietf-mls-protocol-12"/>
</reference>
<xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.ietf-ml <reference anchor="I-D.ietf-tls-esni" target="https://www.ietf.org/archi
s-protocol.xml"/> ve/id/draft-ietf-tls-esni-13.txt">
<front>
<title>TLS Encrypted Client Hello</title>
<author fullname="Eric Rescorla">
<organization>RTFM, Inc.</organization>
</author>
<author fullname="Kazuho Oku">
<organization>Fastly</organization>
</author>
<author fullname="Nick Sullivan">
<organization>Cloudflare</organization>
</author>
<author fullname="Christopher A. Wood">
<organization>Cloudflare</organization>
</author>
<date day="12" month="August" year="2021"/>
<abstract>
<t> This document describes a mechanism in Transport Layer Secur
ity (TLS)
for encrypting a ClientHello message under a server public key.
<!-- [I-D.ietf-tls-esni] IESG state I-D Exists --> Discussion Venues
<xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.ietf-tl s-esni.xml"/> This note is to be removed before publishing as an RFC.
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7748. Source for this draft and an issue tracker can be found at
xml"/> https://github.com/tlswg/draft-ietf-tls-esni
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8446. (https://github.com/tlswg/draft-ietf-tls-esni).
xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5869.
xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8439.
xml"/>
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-tls-esni-13"/>
</reference>
<reference anchor="RFC7748" target="https://www.rfc-editor.org/info/rfc7
748">
<front>
<title>Elliptic Curves for Security</title>
<author fullname="A. Langley" initials="A." surname="Langley">
<organization/>
</author>
<author fullname="M. Hamburg" initials="M." surname="Hamburg">
<organization/>
</author>
<author fullname="S. Turner" initials="S." surname="Turner">
<organization/>
</author>
<date month="January" year="2016"/>
<abstract>
<t>This memo specifies two elliptic curves over prime fields that
offer a high level of practical security in cryptographic applications, includin
g Transport Layer Security (TLS). These curves are intended to operate at the ~
128-bit and ~224-bit security level, respectively, and are generated determinist
ically based on a list of required properties.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7748"/>
<seriesInfo name="DOI" value="10.17487/RFC7748"/>
</reference>
<reference anchor="RFC8446" target="https://www.rfc-editor.org/info/rfc8
446">
<front>
<title>The Transport Layer Security (TLS) Protocol Version 1.3</titl
e>
<author fullname="E. Rescorla" initials="E." surname="Rescorla">
<organization/>
</author>
<date month="August" year="2018"/>
<abstract>
<t>This document specifies version 1.3 of the Transport Layer Secu
rity (TLS) protocol. TLS allows client/server applications to communicate over
the Internet in a way that is designed to prevent eavesdropping, tampering, and
message forgery.</t>
<t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 50
77, 5246, and 6961. This document also specifies new requirements for TLS 1.2 i
mplementations.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8446"/>
<seriesInfo name="DOI" value="10.17487/RFC8446"/>
</reference>
<reference anchor="RFC5869" target="https://www.rfc-editor.org/info/rfc5
869">
<front>
<title>HMAC-based Extract-and-Expand Key Derivation Function (HKDF)<
/title>
<author fullname="H. Krawczyk" initials="H." surname="Krawczyk">
<organization/>
</author>
<author fullname="P. Eronen" initials="P." surname="Eronen">
<organization/>
</author>
<date month="May" year="2010"/>
<abstract>
<t>This document specifies a simple Hashed Message Authentication
Code (HMAC)-based key derivation function (HKDF), which can be used as a buildin
g block in various protocols and applications. The key derivation function (KDF
) is intended to support a wide range of applications and requirements, and is c
onservative in its use of cryptographic hash functions. This document is not an
Internet Standards Track specification; it is published for informational pur
poses.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="5869"/>
<seriesInfo name="DOI" value="10.17487/RFC5869"/>
</reference>
<reference anchor="RFC8439" target="https://www.rfc-editor.org/info/rfc8
439">
<front>
<title>ChaCha20 and Poly1305 for IETF Protocols</title>
<author fullname="Y. Nir" initials="Y." surname="Nir">
<organization/>
</author>
<author fullname="A. Langley" initials="A." surname="Langley">
<organization/>
</author>
<date month="June" year="2018"/>
<abstract>
<t>This document defines the ChaCha20 stream cipher as well as the
use of the Poly1305 authenticator, both as stand-alone algorithms and as a "com
bined mode", or Authenticated Encryption with Associated Data (AEAD) algorithm.<
/t>
<t>RFC 7539, the predecessor of this document, was meant to serve
as a stable reference and an implementation guide. It was a product of the Cryp
to Forum Research Group (CFRG). This document merges the errata filed against R
FC 7539 and adds a little text to the Security Considerations section.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8439"/>
<seriesInfo name="DOI" value="10.17487/RFC8439"/>
</reference>
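Review bot: the right-hand inlined entries for RFC1421 through RFC8439 carry each document's full abstract into the reference list, and for I-D.ietf-tls-esni the abstract includes the draft's "Discussion Venues" text marked "This note is to be removed before publishing as an RFC". Either keep the xi:include form from the left-hand side or drop the abstract elements. The inlined entries also pin draft-ietf-mls-protocol-12 and draft-ietf-tls-esni-13, so confirm those are the versions meant to be cited.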
<reference anchor="BJM97"> <reference anchor="BJM97">
<front> <front>
<title>Key agreement protocols and their security analysis: Extended Abstract</title> <title>Key agreement protocols and their security analysis: Extended Abstract</title>
<author fullname="Simon Blake-Wilson" initials="S." surname="Blake-W ilson"> <author fullname="Simon Blake-Wilson" initials="S." surname="Blake-W ilson">
<organization/> <organization/>
</author> </author>
<author fullname="Don Johnson" initials="D." surname="Johnson"> <author fullname="Don Johnson" initials="D." surname="Johnson">
<organization/> <organization/>
</author> </author>
<author fullname="Alfred Menezes" initials="A." surname="Menezes"> <author fullname="Alfred Menezes" initials="A." surname="Menezes">
<organization/> <organization/>
</author> </author>
<date year="2005" month="June"/> <date year="1997"/>
</front> </front>
<seriesInfo name="DOI" value="10.1007/bfb0024447"/> <seriesInfo name="Crytography and Coding" value="pp. 30-45"/>
<refcontent>Crytography and Coding, pp. 30-45</refcontent> <seriesInfo name="DOI" value="10.1007/bfb0024447"/>
</reference> </reference>
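Review bot: the two sides disagree on the BJM97 date, year="2005" month="June" on the left and year="1997" on the right, while the anchor itself suggests 1997; check the date against DOI 10.1007/bfb0024447 before settling on either. Both sides also spell the proceedings title "Crytography and Coding", which should read "Cryptography and Coding".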
<reference anchor="RFC8696" target="https://www.rfc-editor.org/info/rfc8
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8696. 696">
xml"/> <front>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8937. <title>Using Pre-Shared Key (PSK) in the Cryptographic Message Synta
xml"/> x (CMS)</title>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8467. <author fullname="R. Housley" initials="R." surname="Housley">
xml"/> <organization/>
</author>
</references> <date month="December" year="2019"/>
<abstract>
<t>The invention of a large-scale quantum computer would pose a se
rious challenge for the cryptographic algorithms that are widely deployed today.
The Cryptographic Message Syntax (CMS) supports key transport and key agreemen
t algorithms that could be broken by the invention of such a quantum computer.
By storing communications that are protected with the CMS today, someone could d
ecrypt them in the future when a large-scale quantum computer becomes available.
Once quantum-secure key management algorithms are available, the CMS will be e
xtended to support the new algorithms if the existing syntax does not accommodat
e them. This document describes a mechanism to protect today's communication fr
om the future invention of a large-scale quantum computer by mixing the output o
f key transport and key agreement algorithms with a pre-shared key.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8696"/>
<seriesInfo name="DOI" value="10.17487/RFC8696"/>
</reference>
<reference anchor="RFC8937" target="https://www.rfc-editor.org/info/rfc8
937">
<front>
<title>Randomness Improvements for Security Protocols</title>
<author fullname="C. Cremers" initials="C." surname="Cremers">
<organization/>
</author>
<author fullname="L. Garratt" initials="L." surname="Garratt">
<organization/>
</author>
<author fullname="S. Smyshlyaev" initials="S." surname="Smyshlyaev">
<organization/>
</author>
<author fullname="N. Sullivan" initials="N." surname="Sullivan">
<organization/>
</author>
<author fullname="C. Wood" initials="C." surname="Wood">
<organization/>
</author>
<date month="October" year="2020"/>
<abstract>
<t>Randomness is a crucial ingredient for Transport Layer Security
(TLS) and related security protocols. Weak or predictable "cryptographically s
ecure" pseudorandom number generators (CSPRNGs) can be abused or exploited for m
alicious purposes. An initial entropy source that seeds a CSPRNG might be weak o
r broken as well, which can also lead to critical and systemic security problems
. This document describes a way for security protocol implementations to augment
their CSPRNGs using long-term private keys. This improves randomness from broke
n or otherwise subverted CSPRNGs.</t>
<t>This document is a product of the Crypto Forum Research Group (
CFRG) in the IRTF.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8937"/>
<seriesInfo name="DOI" value="10.17487/RFC8937"/>
</reference>
<reference anchor="RFC8467" target="https://www.rfc-editor.org/info/rfc8
467">
<front>
<title>Padding Policies for Extension Mechanisms for DNS (EDNS(0))</
title>
<author fullname="A. Mayrhofer" initials="A." surname="Mayrhofer">
<organization/>
</author>
<date month="October" year="2018"/>
<abstract>
<t>RFC 7830 specifies the "Padding" option for Extension Mechanism
s for DNS (EDNS(0)) but does not specify the actual padding length for specific
applications. This memo lists the possible options ("padding policies"), discus
ses the implications of each option, and provides a recommended (experimental) o
ption.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8467"/>
<seriesInfo name="DOI" value="10.17487/RFC8467"/>
</reference>
</references>
</references> </references>
<section anchor="acknowledgements" numbered="true" toc="default">
<name>Acknowledgements</name>
<t>The authors would like to thank Joel Alwen, Jean-Philippe Aumasson, Dav
id
Benjamin, Benjamin Beurdouche, Bruno Blanchet, Frank Denis, Stephen Farrell,
Scott Fluhrer, Eduard Hauck, Scott Hollenbeck, Kevin Jacobs, Burt Kaliski, Eike
Kiltz, Julia Len, John Mattsson, Christopher Patton, Doreen Riepel, Raphael
Robert, Michael Rosenberg, Michael Scott, Martin Thomson, Steven Valdez, Riad
Wahby, and other contributors in the CFRG for helpful feedback that greatly
improved this document.</t>
</section>
<section anchor="test-vectors" numbered="true" toc="default"> <section anchor="test-vectors" numbered="true" toc="default">
<name>Test Vectors</name> <name>Test Vectors</name>
<t>Each section below contains test vectors for a single HPKE ciphersuite and <t>Each section below contains test vectors for a single HPKE ciphersuite and
contains the following values:</t> contains the following values:</t>
<ol spacing="normal" type="1"> <ol spacing="normal" type="1"><li>Configuration information and private ke
<li>Configuration information and private key material: This includes th y material: This includes the <tt>mode</tt>, <tt>info</tt> string, HPKE
e ciphersuite identifiers (<tt>kem_id</tt>, <tt>kdf_id</tt>, <tt>aead_id</tt>), an
<tt>mode</tt>, <tt>info</tt> string, HPKE ciphersuite d all
identifiers (<tt>kem_id</tt>, <tt>kdf_id</tt>, and <tt>aead_id</tt>), and sender, recipient, and ephemeral key material. For each role X,
all where X is one of S, R, or E, as sender, recipient, and ephemeral,
sender, recipient, and ephemeral key material. For each role X, where X i respectively, key pairs are generated as <tt>(skX, pkX) = DeriveKeyPair(ikmX)</t
s one of t>.
S, R, or E, as sender, recipient, and ephemeral, respectively, key pairs Each key pair <tt>(skX, pkX)</tt> is written in its serialized form, where
are <tt>skXm = SerializePrivateKey(skX)</tt> and <tt>pkXm = SerializePublicKey(pkX)<
generated as <tt>(skX, pkX) = DeriveKeyPair(ikmX)</tt>. Each key pair <tt /tt>.
>(skX, For applicable modes, the shared PSK and PSK identifier are also included.</li>
pkX)</tt> is written in its serialized form, where <tt>skXm = <li>Context creation intermediate values and outputs: This includes the
SerializePrivateKey(skX)</tt> and <tt>pkXm = SerializePublicKey(pkX)</tt> KEM outputs <tt>enc</tt> and <tt>shared_secret</tt> used to create the context,
. For along
applicable modes, the shared PSK and PSK identifier are also included.</l with intermediate values <tt>key_schedule_context</tt> and <tt>secret</tt> compu
i> ted
<li>Context creation intermediate values and outputs: This includes the K in the KeySchedule function in <xref target="encryption-context" format="default
EM outputs "/>. The outputs
<tt>enc</tt> and <tt>shared_secret</tt> used to include the context values <tt>key</tt>, <tt>base_nonce</tt>, and <tt>exporter_s
create the context, along with intermediate values <tt>key_schedule_conte ecret</tt>.</li>
xt</tt>
and <tt>secret</tt> computed in the KeySchedule function in <xref
target="encryption-context" format="default"/>. The outputs include the c
ontext
values <tt>key</tt>, <tt>base_nonce</tt>, and <tt>exporter_secret</tt>.</
li>
<li>Encryption test vectors: A fixed plaintext message is encrypted usin g <li>Encryption test vectors: A fixed plaintext message is encrypted usin g
different sequence numbers and AAD values using the context computed in i different sequence numbers and AAD values using the context computed in (2).
tem 2. Each test vector lists the sequence number and corresponding nonce computed
Each test vector lists the sequence number and corresponding nonce comput with <tt>base_nonce</tt>, the plaintext message <tt>pt</tt>, AAD <tt>aad</tt>, a
ed nd output
with <tt>base_nonce</tt>, the plaintext message <tt>pt</tt>, AAD <tt>aad< ciphertext <tt>ct</tt>.</li>
/tt>, and </ol>
output ciphertext <tt>ct</tt>.</li> <ol spacing="normal" type="1"><li>Export test vectors: Several exported va
lues of the same length with differing
<!--[rfced] FYI, the text rendering of the <tt> element was changed context parameters are computed using the context computed in (2). Each test
in Sept. 2021 (xml2rfc release 3.10.0). <tt> no longer yields quotation
marks in the text rendering. In light of this, please review and let us
know if you want to make any changes (e.g., add quotation marks that
would be in all 3 output formats). For example:
Original:
Each test vector lists the sequence number and
corresponding nonce computed with "base_nonce", the plaintext
message "pt", AAD "aad", and output ciphertext "ct".
Current text:
Each test vector lists the sequence
number and corresponding nonce computed with base_nonce, the
plaintext message pt, AAD aad, and output ciphertext ct.
If you decide to add parentheses similar to usage in Section 9.9:
Each test vector lists the sequence
number and corresponding nonce computed with base_nonce, the
plaintext message (pt), AAD (aad), and output ciphertext (ct).
Side note: <tt> yields fixed-width font in the HTML and PDF files.
This alternative diff file has been provided so that you can review
changes without the noise of the quotation marks being removed due
to this change to the rendering of <tt>:
https://www.rfc-editor.org/authors/rfc9180-alt-diff.html
<li>Export test vectors: Several exported values of the same length with differi
ng
context parameters are computed using the context computed in item 2. Each test
vector lists the <tt>exporter_context</tt>, output length <tt>L</tt>, and result ing export vector lists the <tt>exporter_context</tt>, output length <tt>L</tt>, and result ing export
value.</li> value.</li>
</ol> </ol>
<t>These test vectors are also available in JSON format at <xref target="T estVectors" format="default"/>.</t> <t>These test vectors are also available in JSON format at <xref target="T estVectors" format="default"/>.</t>
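Review bot: In the right-hand version the numbered list is closed after the encryption item and a second ol element (spacing="normal" type="1") is opened for "Export test vectors", so that item renders as number 1 of a new list while its text still refers to "the context computed in (2)". Keep all of the items in a single list, as the left-hand version does, and settle on one cross-reference wording ("item 2" on the left, "(2)" on the right) so the reference matches the numbering the reader actually sees.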
<section anchor="dhkemx25519-hkdf-sha256-hkdf-sha256-aes-128-gcm" numbered ="true" toc="default"> <section anchor="dhkemx25519-hkdf-sha256-hkdf-sha256-aes-128-gcm" numbered ="true" toc="default">
<!--[rfced] In Appendix A, there are a number of lines that exceed the
69-character limit for a sourcecode element. Please review and let us
know how these lines can be modified.
Our understanding is that test vectors should be marked as <sourcecode>,
with or without the type set to “test-vectors”. If you strongly prefer
<artwork>, please let us know.
<name>DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, AES-128-GCM</name> <name>DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, AES-128-GCM</name>
<section anchor="base-setup-information" numbered="true" toc="default"> <section anchor="base-setup-information" numbered="true" toc="default">
<name>Base Setup Information</name> <name>Base Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 0 mode: 0
kem_id: 32 kem_id: 32
kdf_id: 1 kdf_id: 1
aead_id: 1 aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 7268600d403fce431561aef583ee1613527cff655c1343f29812e66706df3234 ikmE:
pkEm: 37fda3567bdbd628e88668c3c8d7e97d1d1253b6d4ea6d44c150f741f1bf4431 7268600d403fce431561aef583ee1613527cff655c1343f29812e66706df3234
skEm: 52c4a758a802cd8b936eceea314432798d5baf2d7e9235dc084ab1b9cfa2f736 pkEm:
ikmR: 6db9df30aa07dd42ee5e8181afdb977e538f5e1fec8a06223f33f7013e525037 37fda3567bdbd628e88668c3c8d7e97d1d1253b6d4ea6d44c150f741f1bf4431
pkRm: 3948cfe0ad1ddb695d780e59077195da6c56506b027329794ab02bca80815c4d skEm:
skRm: 4612c550263fc8ad58375df3f557aac531d26850903e55a9f23f21d8534e8ac8 52c4a758a802cd8b936eceea314432798d5baf2d7e9235dc084ab1b9cfa2f736
enc: 37fda3567bdbd628e88668c3c8d7e97d1d1253b6d4ea6d44c150f741f1bf4431 ikmR:
6db9df30aa07dd42ee5e8181afdb977e538f5e1fec8a06223f33f7013e525037
pkRm:
3948cfe0ad1ddb695d780e59077195da6c56506b027329794ab02bca80815c4d
skRm:
4612c550263fc8ad58375df3f557aac531d26850903e55a9f23f21d8534e8ac8
enc:
37fda3567bdbd628e88668c3c8d7e97d1d1253b6d4ea6d44c150f741f1bf4431
shared_secret: shared_secret:
fe0e18c9f024ce43799ae393c7e8fe8fce9d218875e8227b0187c04e7d2ea1fc fe0e18c9f024ce43799ae393c7e8fe8fce9d218875e8227b0187c04e7d2ea1fc
key_schedule_context: 00725611c9d98c07c03f60095cd32d400d8347d45ed67097bb key_schedule_context: 00725611c9d98c07c03f60095cd32d400d8347d45ed670
ad50fc56da742d07cb6cffde367bb0565ba28bb02c90744a20f5ef37f30523526106f637 97bbad50fc56da742d07cb6cffde367bb0565ba28bb02c90744a20f5ef37f3052352
abb05449 6106f637abb05449
secret: 12fff91991e93b48de37e7daddb52981084bd8aa64289c3788471d9a9712f397 secret:
12fff91991e93b48de37e7daddb52981084bd8aa64289c3788471d9a9712f397
key: 4531685d41d65f03dc48f6b8302c05b0 key: 4531685d41d65f03dc48f6b8302c05b0
base_nonce: 56d890e5accaaf011cff4b7d base_nonce: 56d890e5accaaf011cff4b7d
exporter_secret: exporter_secret:
45ff1c2e220db587171952c0592d5f5ebe103f1561a2614e38f2ffd47e99e3f8 45ff1c2e220db587171952c0592d5f5ebe103f1561a2614e38f2ffd47e99e3f8
]]></sourcecode> ]]></artwork>
<section anchor="encryptions" numbered="true" toc="default"> <section anchor="encryptions" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
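Review bot: The right-hand version marks this block as artwork with empty name and type attributes, while the editor's question above states that test vectors should be marked as sourcecode, with or without the type set to "test-vectors"; unless artwork is strongly preferred, keep sourcecode and set the type. The rewrapping does bring the long lines (ikmE, pkEm, secret, key_schedule_context and the ct values) under the 69-character limit, but it moves the break points inside multi-line values, for example key_schedule_context now breaks after "...45ed670" rather than after "...097bb". If the appendix does not already say so, add one sentence stating that a value continued on following lines is a single hex string with the line breaks removed, so the wrapped form is not mis-copied.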
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: 56d890e5accaaf011cff4b7d nonce: 56d890e5accaaf011cff4b7d
ct: f938558b5d72f1a23810b4be2ab4f84331acc02fc97babc53a52ae8218a355a96d87 ct: f938558b5d72f1a23810b4be2ab4f84331acc02fc97babc53a52ae8218a355a9
70ac83d07bea87e13c512a 6d8770ac83d07bea87e13c512a
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: 56d890e5accaaf011cff4b7c nonce: 56d890e5accaaf011cff4b7c
ct: af2d7e9ac9ae7e270f46ba1f975be53c09f8d875bdc8535458c2494e8a6eab251c03 ct: af2d7e9ac9ae7e270f46ba1f975be53c09f8d875bdc8535458c2494e8a6eab25
d0c22a56b8ca42c2063b84 1c03d0c22a56b8ca42c2063b84
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: 56d890e5accaaf011cff4b7f nonce: 56d890e5accaaf011cff4b7f
ct: 498dfcabd92e8acedc281e85af1cb4e3e31c7dc394a1ca20e173cb72516491588d96 ct: 498dfcabd92e8acedc281e85af1cb4e3e31c7dc394a1ca20e173cb7251649158
a19ad4a683518973dcc180 8d96a19ad4a683518973dcc180
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: 56d890e5accaaf011cff4b79 nonce: 56d890e5accaaf011cff4b79
ct: 583bd32bc67a5994bb8ceaca813d369bca7b2a42408cddef5e22f880b631215a09fc ct: 583bd32bc67a5994bb8ceaca813d369bca7b2a42408cddef5e22f880b631215a
0012bc69fccaa251c0246d 09fc0012bc69fccaa251c0246d
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: 56d890e5accaaf011cff4b82 nonce: 56d890e5accaaf011cff4b82
ct: 7175db9717964058640a3a11fb9007941a5d1757fda1a6935c805c21af32505bf106 ct: 7175db9717964058640a3a11fb9007941a5d1757fda1a6935c805c21af32505b
deefec4a49ac38d71c9e0a f106deefec4a49ac38d71c9e0a
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: 56d890e5accaaf011cff4a7d nonce: 56d890e5accaaf011cff4a7d
ct: 957f9800542b0b8891badb026d79cc54597cb2d225b54c00c5238c25d05c30e3fbed ct: 957f9800542b0b8891badb026d79cc54597cb2d225b54c00c5238c25d05c30e3
a97d2e0e1aba483a2df9f2 fbeda97d2e0e1aba483a2df9f2
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values" numbered="true" toc="default"> <section anchor="exported-values" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
3853fe2b4035195a573ffc53856e77058e15d9ea064de3e59f4961d0095250ee 3853fe2b4035195a573ffc53856e77058e15d9ea064de3e59f4961d0095250ee
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
2e8f0b54673c7029649d4eb9d5e33bf1872cf76d623ff164ac185da9e88c21a5 2e8f0b54673c7029649d4eb9d5e33bf1872cf76d623ff164ac185da9e88c21a5
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
e9e43065102c3836401bed8c3c3c75ae46be1639869391d62c61f1ec7af54931 e9e43065102c3836401bed8c3c3c75ae46be1639869391d62c61f1ec7af54931
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="psk-setup-information" numbered="true" toc="default"> <section anchor="psk-setup-information" numbered="true" toc="default">
<name>PSK Setup Information</name> <name>PSK Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 1 mode: 1
kem_id: 32 kem_id: 32
kdf_id: 1 kdf_id: 1
aead_id: 1 aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 78628c354e46f3e169bd231be7b2ff1c77aa302460a26dbfa15515684c00130b ikmE:
pkEm: 0ad0950d9fb9588e59690b74f1237ecdf1d775cd60be2eca57af5a4b0471c91b 78628c354e46f3e169bd231be7b2ff1c77aa302460a26dbfa15515684c00130b
skEm: 463426a9ffb42bb17dbe6044b9abd1d4e4d95f9041cef0e99d7824eef2b6f588 pkEm:
ikmR: d4a09d09f575fef425905d2ab396c1449141463f698f8efdb7accfaff8995098 0ad0950d9fb9588e59690b74f1237ecdf1d775cd60be2eca57af5a4b0471c91b
pkRm: 9fed7e8c17387560e92cc6462a68049657246a09bfa8ade7aefe589672016366 skEm:
skRm: c5eb01eb457fe6c6f57577c5413b931550a162c71a03ac8d196babbd4e5ce0fd 463426a9ffb42bb17dbe6044b9abd1d4e4d95f9041cef0e99d7824eef2b6f588
psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 ikmR:
d4a09d09f575fef425905d2ab396c1449141463f698f8efdb7accfaff8995098
pkRm:
9fed7e8c17387560e92cc6462a68049657246a09bfa8ade7aefe589672016366
skRm:
c5eb01eb457fe6c6f57577c5413b931550a162c71a03ac8d196babbd4e5ce0fd
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961 psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 0ad0950d9fb9588e59690b74f1237ecdf1d775cd60be2eca57af5a4b0471c91b enc:
0ad0950d9fb9588e59690b74f1237ecdf1d775cd60be2eca57af5a4b0471c91b
shared_secret: shared_secret:
727699f009ffe3c076315019c69648366b69171439bd7dd0807743bde76986cd 727699f009ffe3c076315019c69648366b69171439bd7dd0807743bde76986cd
key_schedule_context: 01e78d5cf6190d275863411ff5edd0dece5d39fa48e04eec1e key_schedule_context: 01e78d5cf6190d275863411ff5edd0dece5d39fa48e04e
d9b71be34729d18ccb6cffde367bb0565ba28bb02c90744a20f5ef37f30523526106f637 ec1ed9b71be34729d18ccb6cffde367bb0565ba28bb02c90744a20f5ef37f3052352
abb05449 6106f637abb05449
secret: 3728ab0b024b383b0381e432b47cced1496d2516957a76e2a9f5c8cb947afca4 secret:
3728ab0b024b383b0381e432b47cced1496d2516957a76e2a9f5c8cb947afca4
key: 15026dba546e3ae05836fc7de5a7bb26 key: 15026dba546e3ae05836fc7de5a7bb26
base_nonce: 9518635eba129d5ce0914555 base_nonce: 9518635eba129d5ce0914555
exporter_secret: exporter_secret:
3d76025dbbedc49448ec3f9080a1abab6b06e91c0b11ad23c912f043a0ee7655 3d76025dbbedc49448ec3f9080a1abab6b06e91c0b11ad23c912f043a0ee7655
]]></sourcecode> ]]></artwork>
<section anchor="encryptions-1" numbered="true" toc="default"> <section anchor="encryptions-1" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: 9518635eba129d5ce0914555 nonce: 9518635eba129d5ce0914555
ct: e52c6fed7f758d0cf7145689f21bc1be6ec9ea097fef4e959440012f4feb73fb611b ct: e52c6fed7f758d0cf7145689f21bc1be6ec9ea097fef4e959440012f4feb73fb
946199e681f4cfc34db8ea 611b946199e681f4cfc34db8ea
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: 9518635eba129d5ce0914554 nonce: 9518635eba129d5ce0914554
ct: 49f3b19b28a9ea9f43e8c71204c00d4a490ee7f61387b6719db765e948123b45b616 ct: 49f3b19b28a9ea9f43e8c71204c00d4a490ee7f61387b6719db765e948123b45
33ef059ba22cd62437c8ba b61633ef059ba22cd62437c8ba
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: 9518635eba129d5ce0914557 nonce: 9518635eba129d5ce0914557
ct: 257ca6a08473dc851fde45afd598cc83e326ddd0abe1ef23baa3baa4dd8cde99fce2 ct: 257ca6a08473dc851fde45afd598cc83e326ddd0abe1ef23baa3baa4dd8cde99
c1e8ce687b0b47ead1adc9 fce2c1e8ce687b0b47ead1adc9
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: 9518635eba129d5ce0914551 nonce: 9518635eba129d5ce0914551
ct: a71d73a2cd8128fcccbd328b9684d70096e073b59b40b55e6419c9c68ae21069c847 ct: a71d73a2cd8128fcccbd328b9684d70096e073b59b40b55e6419c9c68ae21069
e2a70f5d8fb821ce3dfb1c c847e2a70f5d8fb821ce3dfb1c
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: 9518635eba129d5ce09145aa nonce: 9518635eba129d5ce09145aa
ct: 55f84b030b7f7197f7d7d552365b6b932df5ec1abacd30241cb4bc4ccea27bd2b518 ct: 55f84b030b7f7197f7d7d552365b6b932df5ec1abacd30241cb4bc4ccea27bd2
766adfa0fb1b71170e9392 b518766adfa0fb1b71170e9392
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: 9518635eba129d5ce0914455 nonce: 9518635eba129d5ce0914455
ct: c5bf246d4a790a12dcc9eed5eae525081e6fb541d5849e9ce8abd92a3bc1551776be ct: c5bf246d4a790a12dcc9eed5eae525081e6fb541d5849e9ce8abd92a3bc15517
a16b4a518f23e237c14b59 76bea16b4a518f23e237c14b59
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-1" numbered="true" toc="default"> <section anchor="exported-values-1" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
dff17af354c8b41673567db6259fd6029967b4e1aad13023c2ae5df8f4f43bf6 dff17af354c8b41673567db6259fd6029967b4e1aad13023c2ae5df8f4f43bf6
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
6a847261d8207fe596befb52928463881ab493da345b10e1dcc645e3b94e2d95 6a847261d8207fe596befb52928463881ab493da345b10e1dcc645e3b94e2d95
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
8aff52b45a1be3a734bc7a41e20b4e055ad4c4d22104b0c20285a7c4302401cd 8aff52b45a1be3a734bc7a41e20b4e055ad4c4d22104b0c20285a7c4302401cd
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="auth-setup-information" numbered="true" toc="default"> <section anchor="auth-setup-information" numbered="true" toc="default">
<name>Auth Setup Information</name> <name>Auth Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 2 mode: 2
kem_id: 32 kem_id: 32
kdf_id: 1 kdf_id: 1
aead_id: 1 aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 6e6d8f200ea2fb20c30b003a8b4f433d2f4ed4c2658d5bc8ce2fef718059c9f7 ikmE:
pkEm: 23fb952571a14a25e3d678140cd0e5eb47a0961bb18afcf85896e5453c312e76 6e6d8f200ea2fb20c30b003a8b4f433d2f4ed4c2658d5bc8ce2fef718059c9f7
skEm: ff4442ef24fbc3c1ff86375b0be1e77e88a0de1e79b30896d73411c5ff4c3518 pkEm:
ikmR: f1d4a30a4cef8d6d4e3b016e6fd3799ea057db4f345472ed302a67ce1c20cdec 23fb952571a14a25e3d678140cd0e5eb47a0961bb18afcf85896e5453c312e76
pkRm: 1632d5c2f71c2b38d0a8fcc359355200caa8b1ffdf28618080466c909cb69b2e skEm:
skRm: fdea67cf831f1ca98d8e27b1f6abeb5b7745e9d35348b80fa407ff6958f9137e ff4442ef24fbc3c1ff86375b0be1e77e88a0de1e79b30896d73411c5ff4c3518
ikmS: 94b020ce91d73fca4649006c7e7329a67b40c55e9e93cc907d282bbbff386f58 ikmR:
pkSm: 8b0c70873dc5aecb7f9ee4e62406a397b350e57012be45cf53b7105ae731790b f1d4a30a4cef8d6d4e3b016e6fd3799ea057db4f345472ed302a67ce1c20cdec
skSm: dc4a146313cce60a278a5323d321f051c5707e9c45ba21a3479fecdf76fc69dd pkRm:
enc: 23fb952571a14a25e3d678140cd0e5eb47a0961bb18afcf85896e5453c312e76 1632d5c2f71c2b38d0a8fcc359355200caa8b1ffdf28618080466c909cb69b2e
skRm:
fdea67cf831f1ca98d8e27b1f6abeb5b7745e9d35348b80fa407ff6958f9137e
ikmS:
94b020ce91d73fca4649006c7e7329a67b40c55e9e93cc907d282bbbff386f58
pkSm:
8b0c70873dc5aecb7f9ee4e62406a397b350e57012be45cf53b7105ae731790b
skSm:
dc4a146313cce60a278a5323d321f051c5707e9c45ba21a3479fecdf76fc69dd
enc:
23fb952571a14a25e3d678140cd0e5eb47a0961bb18afcf85896e5453c312e76
shared_secret: shared_secret:
2d6db4cf719dc7293fcbf3fa64690708e44e2bebc81f84608677958c0d4448a7 2d6db4cf719dc7293fcbf3fa64690708e44e2bebc81f84608677958c0d4448a7
key_schedule_context: 02725611c9d98c07c03f60095cd32d400d8347d45ed67097bb key_schedule_context: 02725611c9d98c07c03f60095cd32d400d8347d45ed670
ad50fc56da742d07cb6cffde367bb0565ba28bb02c90744a20f5ef37f30523526106f637 97bbad50fc56da742d07cb6cffde367bb0565ba28bb02c90744a20f5ef37f3052352
abb05449 6106f637abb05449
secret: 56c62333d9d9f7767f5b083fdfce0aa7e57e301b74029bb0cffa7331385f1dda secret:
56c62333d9d9f7767f5b083fdfce0aa7e57e301b74029bb0cffa7331385f1dda
key: b062cb2c4dd4bca0ad7c7a12bbc341e6 key: b062cb2c4dd4bca0ad7c7a12bbc341e6
base_nonce: a1bc314c1942ade7051ffed0 base_nonce: a1bc314c1942ade7051ffed0
exporter_secret: exporter_secret:
ee1a093e6e1c393c162ea98fdf20560c75909653550540a2700511b65c88c6f1 ee1a093e6e1c393c162ea98fdf20560c75909653550540a2700511b65c88c6f1
]]></sourcecode> ]]></artwork>
<section anchor="encryptions-2" numbered="true" toc="default"> <section anchor="encryptions-2" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: a1bc314c1942ade7051ffed0 nonce: a1bc314c1942ade7051ffed0
ct: 5fd92cc9d46dbf8943e72a07e42f363ed5f721212cd90bcfd072bfd9f44e06b80fd1 ct: 5fd92cc9d46dbf8943e72a07e42f363ed5f721212cd90bcfd072bfd9f44e06b8
7824947496e21b680c141b 0fd17824947496e21b680c141b
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: a1bc314c1942ade7051ffed1 nonce: a1bc314c1942ade7051ffed1
ct: d3736bb256c19bfa93d79e8f80b7971262cb7c887e35c26370cfed62254369a1b52e ct: d3736bb256c19bfa93d79e8f80b7971262cb7c887e35c26370cfed62254369a1
3d505b79dd699f002bc8ed b52e3d505b79dd699f002bc8ed
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: a1bc314c1942ade7051ffed2 nonce: a1bc314c1942ade7051ffed2
ct: 122175cfd5678e04894e4ff8789e85dd381df48dcaf970d52057df2c9acc3b121313 ct: 122175cfd5678e04894e4ff8789e85dd381df48dcaf970d52057df2c9acc3b12
a2bfeaa986050f82d93645 1313a2bfeaa986050f82d93645
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: a1bc314c1942ade7051ffed4 nonce: a1bc314c1942ade7051ffed4
ct: dae12318660cf963c7bcbef0f39d64de3bf178cf9e585e756654043cc5059873bc8a ct: dae12318660cf963c7bcbef0f39d64de3bf178cf9e585e756654043cc5059873
f190b72afc43d1e0135ada bc8af190b72afc43d1e0135ada
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: a1bc314c1942ade7051ffe2f nonce: a1bc314c1942ade7051ffe2f
ct: 55d53d85fe4d9e1e97903101eab0b4865ef20cef28765a47f840ff99625b7d69dee9 ct: 55d53d85fe4d9e1e97903101eab0b4865ef20cef28765a47f840ff99625b7d69
27df1defa66a036fc58ff2 dee927df1defa66a036fc58ff2
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: a1bc314c1942ade7051fffd0 nonce: a1bc314c1942ade7051fffd0
ct: 42fa248a0e67ccca688f2b1d13ba4ba84755acf764bd797c8f7ba3b9b1dc3330326f ct: 42fa248a0e67ccca688f2b1d13ba4ba84755acf764bd797c8f7ba3b9b1dc3330
8d172fef6003c79ec72319 326f8d172fef6003c79ec72319
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-2" numbered="true" toc="default"> <section anchor="exported-values-2" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
28c70088017d70c896a8420f04702c5a321d9cbf0279fba899b59e51bac72c85 28c70088017d70c896a8420f04702c5a321d9cbf0279fba899b59e51bac72c85
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
25dfc004b0892be1888c3914977aa9c9bbaf2c7471708a49e1195af48a6f29ce 25dfc004b0892be1888c3914977aa9c9bbaf2c7471708a49e1195af48a6f29ce
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
5a0131813abc9a522cad678eb6bafaabc43389934adb8097d23c5ff68059eb64 5a0131813abc9a522cad678eb6bafaabc43389934adb8097d23c5ff68059eb64
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="authpsk-setup-information" numbered="true" toc="default "> <section anchor="authpsk-setup-information" numbered="true" toc="default ">
<name>AuthPSK Setup Information</name> <name>AuthPSK Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 3 mode: 3
kem_id: 32 kem_id: 32
kdf_id: 1 kdf_id: 1
aead_id: 1 aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 4303619085a20ebcf18edd22782952b8a7161e1dbae6e46e143a52a96127cf84 ikmE:
pkEm: 820818d3c23993492cc5623ab437a48a0a7ca3e9639c140fe1e33811eb844b7c 4303619085a20ebcf18edd22782952b8a7161e1dbae6e46e143a52a96127cf84
skEm: 14de82a5897b613616a00c39b87429df35bc2b426bcfd73febcb45e903490768 pkEm:
ikmR: 4b16221f3b269a88e207270b5e1de28cb01f847841b344b8314d6a622fe5ee90 820818d3c23993492cc5623ab437a48a0a7ca3e9639c140fe1e33811eb844b7c
pkRm: 1d11a3cd247ae48e901939659bd4d79b6b959e1f3e7d66663fbc9412dd4e0976 skEm:
skRm: cb29a95649dc5656c2d054c1aa0d3df0493155e9d5da6d7e344ed8b6a64a9423 14de82a5897b613616a00c39b87429df35bc2b426bcfd73febcb45e903490768
ikmS: 62f77dcf5df0dd7eac54eac9f654f426d4161ec850cc65c54f8b65d2e0b4e345 ikmR:
pkSm: 2bfb2eb18fcad1af0e4f99142a1c474ae74e21b9425fc5c589382c69b50cc57e 4b16221f3b269a88e207270b5e1de28cb01f847841b344b8314d6a622fe5ee90
skSm: fc1c87d2f3832adb178b431fce2ac77c7ca2fd680f3406c77b5ecdf818b119f4 pkRm:
psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 1d11a3cd247ae48e901939659bd4d79b6b959e1f3e7d66663fbc9412dd4e0976
skRm:
cb29a95649dc5656c2d054c1aa0d3df0493155e9d5da6d7e344ed8b6a64a9423
ikmS:
62f77dcf5df0dd7eac54eac9f654f426d4161ec850cc65c54f8b65d2e0b4e345
pkSm:
2bfb2eb18fcad1af0e4f99142a1c474ae74e21b9425fc5c589382c69b50cc57e
skSm:
fc1c87d2f3832adb178b431fce2ac77c7ca2fd680f3406c77b5ecdf818b119f4
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961 psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 820818d3c23993492cc5623ab437a48a0a7ca3e9639c140fe1e33811eb844b7c enc:
820818d3c23993492cc5623ab437a48a0a7ca3e9639c140fe1e33811eb844b7c
shared_secret: shared_secret:
f9d0e870aba28d04709b2680cb8185466c6a6ff1d6e9d1091d5bf5e10ce3a577 f9d0e870aba28d04709b2680cb8185466c6a6ff1d6e9d1091d5bf5e10ce3a577
key_schedule_context: 03e78d5cf6190d275863411ff5edd0dece5d39fa48e04eec1e key_schedule_context: 03e78d5cf6190d275863411ff5edd0dece5d39fa48e04e
d9b71be34729d18ccb6cffde367bb0565ba28bb02c90744a20f5ef37f30523526106f637 ec1ed9b71be34729d18ccb6cffde367bb0565ba28bb02c90744a20f5ef37f3052352
abb05449 6106f637abb05449
secret: 5f96c55e4108c6691829aaabaa7d539c0b41d7c72aae94ae289752f056b6cec4 secret:
5f96c55e4108c6691829aaabaa7d539c0b41d7c72aae94ae289752f056b6cec4
key: 1364ead92c47aa7becfa95203037b19a key: 1364ead92c47aa7becfa95203037b19a
base_nonce: 99d8b5c54669807e9fc70df1 base_nonce: 99d8b5c54669807e9fc70df1
exporter_secret: exporter_secret:
f048d55eacbf60f9c6154bd4021774d1075ebf963c6adc71fa846f183ab2dde6 f048d55eacbf60f9c6154bd4021774d1075ebf963c6adc71fa846f183ab2dde6
]]></sourcecode> ]]></artwork>
<section anchor="encryptions-3" numbered="true" toc="default"> <section anchor="encryptions-3" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: 99d8b5c54669807e9fc70df1 nonce: 99d8b5c54669807e9fc70df1
ct: a84c64df1e11d8fd11450039d4fe64ff0c8a99fca0bd72c2d4c3e0400bc14a40f27e ct: a84c64df1e11d8fd11450039d4fe64ff0c8a99fca0bd72c2d4c3e0400bc14a40
45e141a24001697737533e f27e45e141a24001697737533e
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: 99d8b5c54669807e9fc70df0 nonce: 99d8b5c54669807e9fc70df0
ct: 4d19303b848f424fc3c3beca249b2c6de0a34083b8e909b6aa4c3688505c05ffe0c8 ct: 4d19303b848f424fc3c3beca249b2c6de0a34083b8e909b6aa4c3688505c05ff
f57a0a4c5ab9da127435d9 e0c8f57a0a4c5ab9da127435d9
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: 99d8b5c54669807e9fc70df3 nonce: 99d8b5c54669807e9fc70df3
ct: 0c085a365fbfa63409943b00a3127abce6e45991bc653f182a80120868fc507e9e4d ct: 0c085a365fbfa63409943b00a3127abce6e45991bc653f182a80120868fc507e
5e37bcc384fc8f14153b24 9e4d5e37bcc384fc8f14153b24
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: 99d8b5c54669807e9fc70df5 nonce: 99d8b5c54669807e9fc70df5
ct: 000a3cd3a3523bf7d9796830b1cd987e841a8bae6561ebb6791a3f0e34e89a4fb539 ct: 000a3cd3a3523bf7d9796830b1cd987e841a8bae6561ebb6791a3f0e34e89a4f
faeee3428b8bbc082d2c1a b539faeee3428b8bbc082d2c1a
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: 99d8b5c54669807e9fc70d0e nonce: 99d8b5c54669807e9fc70d0e
ct: 576d39dd2d4cc77d1a14a51d5c5f9d5e77586c3d8d2ab33bdec6379e28ce5c502f0b ct: 576d39dd2d4cc77d1a14a51d5c5f9d5e77586c3d8d2ab33bdec6379e28ce5c50
1cbd09047cf9eb9269bb52 2f0b1cbd09047cf9eb9269bb52
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: 99d8b5c54669807e9fc70cf1 nonce: 99d8b5c54669807e9fc70cf1
ct: 13239bab72e25e9fd5bb09695d23c90a24595158b99127505c8a9ff9f127e0d657f7 ct: 13239bab72e25e9fd5bb09695d23c90a24595158b99127505c8a9ff9f127e0d6
1af59d67d4f4971da028f9 57f71af59d67d4f4971da028f9
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-3" numbered="true" toc="default"> <section anchor="exported-values-3" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
08f7e20644bb9b8af54ad66d2067457c5f9fcb2a23d9f6cb4445c0797b330067 08f7e20644bb9b8af54ad66d2067457c5f9fcb2a23d9f6cb4445c0797b330067
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
52e51ff7d436557ced5265ff8b94ce69cf7583f49cdb374e6aad801fc063b010 52e51ff7d436557ced5265ff8b94ce69cf7583f49cdb374e6aad801fc063b010
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
a30c20370c026bbea4dca51cb63761695132d342bae33a6a11527d3e7679436d a30c20370c026bbea4dca51cb63761695132d342bae33a6a11527d3e7679436d
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
</section> </section>
<section anchor="dhkemx25519-hkdf-sha256-hkdf-sha256-chacha20poly1305" num bered="true" toc="default"> <section anchor="dhkemx25519-hkdf-sha256-hkdf-sha256-chacha20poly1305" num bered="true" toc="default">
<name>DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, ChaCha20Poly1305</name> <name>DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, ChaCha20Poly1305</name>
<section anchor="base-setup-information-1" numbered="true" toc="default" > <section anchor="base-setup-information-1" numbered="true" toc="default" >
<name>Base Setup Information</name> <name>Base Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 0 mode: 0
kem_id: 32 kem_id: 32
kdf_id: 1 kdf_id: 1
aead_id: 3 aead_id: 3
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 909a9b35d3dc4713a5e72a4da274b55d3d3821a37e5d099e74a647db583a904b ikmE:
pkEm: 1afa08d3dec047a643885163f1180476fa7ddb54c6a8029ea33f95796bf2ac4a 909a9b35d3dc4713a5e72a4da274b55d3d3821a37e5d099e74a647db583a904b
skEm: f4ec9b33b792c372c1d2c2063507b684ef925b8c75a42dbcbf57d63ccd381600 pkEm:
ikmR: 1ac01f181fdf9f352797655161c58b75c656a6cc2716dcb66372da835542e1df 1afa08d3dec047a643885163f1180476fa7ddb54c6a8029ea33f95796bf2ac4a
pkRm: 4310ee97d88cc1f088a5576c77ab0cf5c3ac797f3d95139c6c84b5429c59662a skEm:
skRm: 8057991eef8f1f1af18f4a9491d16a1ce333f695d4db8e38da75975c4478e0fb f4ec9b33b792c372c1d2c2063507b684ef925b8c75a42dbcbf57d63ccd381600
enc: 1afa08d3dec047a643885163f1180476fa7ddb54c6a8029ea33f95796bf2ac4a ikmR:
1ac01f181fdf9f352797655161c58b75c656a6cc2716dcb66372da835542e1df
pkRm:
4310ee97d88cc1f088a5576c77ab0cf5c3ac797f3d95139c6c84b5429c59662a
skRm:
8057991eef8f1f1af18f4a9491d16a1ce333f695d4db8e38da75975c4478e0fb
enc:
1afa08d3dec047a643885163f1180476fa7ddb54c6a8029ea33f95796bf2ac4a
shared_secret: shared_secret:
0bbe78490412b4bbea4812666f7916932b828bba79942424abb65244930d69a7 0bbe78490412b4bbea4812666f7916932b828bba79942424abb65244930d69a7
key_schedule_context: 00431df6cd95e11ff49d7013563baf7f11588c75a6611ee2a4 key_schedule_context: 00431df6cd95e11ff49d7013563baf7f11588c75a6611e
404a49306ae4cfc5b69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1e798c0bb e2a4404a49306ae4cfc5b69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1
19eb9796 e798c0bb19eb9796
secret: 5b9cd775e64b437a2335cf499361b2e0d5e444d5cb41a8a53336d8fe402282c6 secret:
key: ad2744de8e17f4ebba575b3f5f5a8fa1f69c2a07f6e7500bc60ca6e3e3ec1c91 5b9cd775e64b437a2335cf499361b2e0d5e444d5cb41a8a53336d8fe402282c6
key:
ad2744de8e17f4ebba575b3f5f5a8fa1f69c2a07f6e7500bc60ca6e3e3ec1c91
base_nonce: 5c4d98150661b848853b547f base_nonce: 5c4d98150661b848853b547f
exporter_secret: exporter_secret:
a3b010d4994890e2c6968a36f64470d3c824c8f5029942feb11e7a74b2921922 a3b010d4994890e2c6968a36f64470d3c824c8f5029942feb11e7a74b2921922
]]></sourcecode> ]]></artwork>
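Review bot: key_schedule_context in the block above is folded mid-value with no continuation marker, and the two sides break it at different offsets (the first line ends ...6611ee2a4 on the left and ...6611e on the right). The joined hex is identical on both sides, so this part of the difference is cosmetic, but anyone copying a single line gets a truncated value. The element also differs (sourcecode on the left, artwork on the right) and type="" is empty on both; suggest a non-empty type so tooling can pick these blocks out as test vectors, and one folding rule for every field, for example the label on its own line followed by the value at a fixed width, as the right-hand side already does for ikmE, pkEm and skEm.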
<section anchor="encryptions-4" numbered="true" toc="default"> <section anchor="encryptions-4" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: 5c4d98150661b848853b547f nonce: 5c4d98150661b848853b547f
ct: 1c5250d8034ec2b784ba2cfd69dbdb8af406cfe3ff938e131f0def8c8b60b4db2199 ct: 1c5250d8034ec2b784ba2cfd69dbdb8af406cfe3ff938e131f0def8c8b60b4db
3c62ce81883d2dd1b51a28 21993c62ce81883d2dd1b51a28
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: 5c4d98150661b848853b547e nonce: 5c4d98150661b848853b547e
ct: 6b53c051e4199c518de79594e1c4ab18b96f081549d45ce015be002090bb119e8528 ct: 6b53c051e4199c518de79594e1c4ab18b96f081549d45ce015be002090bb119e
5337cc95ba5f59992dc98c 85285337cc95ba5f59992dc98c
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: 5c4d98150661b848853b547d nonce: 5c4d98150661b848853b547d
ct: 71146bd6795ccc9c49ce25dda112a48f202ad220559502cef1f34271e0cb4b02b4f1 ct: 71146bd6795ccc9c49ce25dda112a48f202ad220559502cef1f34271e0cb4b02
0ecac6f48c32f878fae86b b4f10ecac6f48c32f878fae86b
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: 5c4d98150661b848853b547b nonce: 5c4d98150661b848853b547b
ct: 63357a2aa291f5a4e5f27db6baa2af8cf77427c7c1a909e0b37214dd47db122bb153 ct: 63357a2aa291f5a4e5f27db6baa2af8cf77427c7c1a909e0b37214dd47db122b
495ff0b02e9e54a50dbe16 b153495ff0b02e9e54a50dbe16
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: 5c4d98150661b848853b5480 nonce: 5c4d98150661b848853b5480
ct: 18ab939d63ddec9f6ac2b60d61d36a7375d2070c9b683861110757062c52b8880a5f ct: 18ab939d63ddec9f6ac2b60d61d36a7375d2070c9b683861110757062c52b888
6b3936da9cd6c23ef2a95c 0a5f6b3936da9cd6c23ef2a95c
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: 5c4d98150661b848853b557f nonce: 5c4d98150661b848853b557f
ct: 7a4a13e9ef23978e2c520fd4d2e757514ae160cd0cd05e556ef692370ca53076214c ct: 7a4a13e9ef23978e2c520fd4d2e757514ae160cd0cd05e556ef692370ca53076
0c40d4c728d6ed9e727a5b 214c0c40d4c728d6ed9e727a5b
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-4" numbered="true" toc="default"> <section anchor="exported-values-4" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
4bbd6243b8bb54cec311fac9df81841b6fd61f56538a775e7c80a9f40160606e 4bbd6243b8bb54cec311fac9df81841b6fd61f56538a775e7c80a9f40160606e
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
8c1df14732580e5501b00f82b10a1647b40713191b7c1240ac80e2b68808ba69 8c1df14732580e5501b00f82b10a1647b40713191b7c1240ac80e2b68808ba69
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
5acb09211139c43b3090489a9da433e8a30ee7188ba8b0a9a1ccf0c229283e53 5acb09211139c43b3090489a9da433e8a30ee7188ba8b0a9a1ccf0c229283e53
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="psk-setup-information-1" numbered="true" toc="default"> <section anchor="psk-setup-information-1" numbered="true" toc="default">
<name>PSK Setup Information</name> <name>PSK Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 1 mode: 1
kem_id: 32 kem_id: 32
kdf_id: 1 kdf_id: 1
aead_id: 3 aead_id: 3
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 35706a0b09fb26fb45c39c2f5079c709c7cf98e43afa973f14d88ece7e29c2e3 ikmE:
pkEm: 2261299c3f40a9afc133b969a97f05e95be2c514e54f3de26cbe5644ac735b04 35706a0b09fb26fb45c39c2f5079c709c7cf98e43afa973f14d88ece7e29c2e3
skEm: 0c35fdf49df7aa01cd330049332c40411ebba36e0c718ebc3edf5845795f6321 pkEm:
ikmR: 26b923eade72941c8a85b09986cdfa3f1296852261adedc52d58d2930269812b 2261299c3f40a9afc133b969a97f05e95be2c514e54f3de26cbe5644ac735b04
pkRm: 13640af826b722fc04feaa4de2f28fbd5ecc03623b317834e7ff4120dbe73062 skEm:
skRm: 77d114e0212be51cb1d76fa99dd41cfd4d0166b08caa09074430a6c59ef17879 0c35fdf49df7aa01cd330049332c40411ebba36e0c718ebc3edf5845795f6321
psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 ikmR:
26b923eade72941c8a85b09986cdfa3f1296852261adedc52d58d2930269812b
pkRm:
13640af826b722fc04feaa4de2f28fbd5ecc03623b317834e7ff4120dbe73062
skRm:
77d114e0212be51cb1d76fa99dd41cfd4d0166b08caa09074430a6c59ef17879
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961 psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 2261299c3f40a9afc133b969a97f05e95be2c514e54f3de26cbe5644ac735b04 enc:
2261299c3f40a9afc133b969a97f05e95be2c514e54f3de26cbe5644ac735b04
shared_secret: shared_secret:
4be079c5e77779d0215b3f689595d59e3e9b0455d55662d1f3666ec606e50ea7 4be079c5e77779d0215b3f689595d59e3e9b0455d55662d1f3666ec606e50ea7
key_schedule_context: 016870c4c76ca38ae43efbec0f2377d109499d7ce73f4a9e1e key_schedule_context: 016870c4c76ca38ae43efbec0f2377d109499d7ce73f4a
c37f21d3d063b97cb69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1e798c0bb 9e1ec37f21d3d063b97cb69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1
19eb9796 e798c0bb19eb9796
secret: 16974354c497c9bd24c000ceed693779b604f1944975b18c442d373663f4a8cc secret:
key: 600d2fdb0313a7e5c86a9ce9221cd95bed069862421744cfb4ab9d7203a9c019 16974354c497c9bd24c000ceed693779b604f1944975b18c442d373663f4a8cc
key:
600d2fdb0313a7e5c86a9ce9221cd95bed069862421744cfb4ab9d7203a9c019
base_nonce: 112e0465562045b7368653e7 base_nonce: 112e0465562045b7368653e7
exporter_secret: exporter_secret:
73b506dc8b6b4269027f80b0362def5cbb57ee50eed0c2873dac9181f453c5ac 73b506dc8b6b4269027f80b0362def5cbb57ee50eed0c2873dac9181f453c5ac
]]></sourcecode> ]]></artwork>
<section anchor="encryptions-5" numbered="true" toc="default"> <section anchor="encryptions-5" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: 112e0465562045b7368653e7 nonce: 112e0465562045b7368653e7
ct: 4a177f9c0d6f15cfdf533fb65bf84aecdc6ab16b8b85b4cf65a370e07fc1d78d28fb ct: 4a177f9c0d6f15cfdf533fb65bf84aecdc6ab16b8b85b4cf65a370e07fc1d78d
073214525276f4a89608ff 28fb073214525276f4a89608ff
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: 112e0465562045b7368653e6 nonce: 112e0465562045b7368653e6
ct: 5c3cabae2f0b3e124d8d864c116fd8f20f3f56fda988c3573b40b09997fd6c769e77 ct: 5c3cabae2f0b3e124d8d864c116fd8f20f3f56fda988c3573b40b09997fd6c76
c8eda6cda4f947f5b704a8 9e77c8eda6cda4f947f5b704a8
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: 112e0465562045b7368653e5 nonce: 112e0465562045b7368653e5
ct: 14958900b44bdae9cbe5a528bf933c5c990dbb8e282e6e495adf8205d19da9eb270e ct: 14958900b44bdae9cbe5a528bf933c5c990dbb8e282e6e495adf8205d19da9eb
3a6f1e0613ab7e757962a4 270e3a6f1e0613ab7e757962a4
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: 112e0465562045b7368653e3 nonce: 112e0465562045b7368653e3
ct: c2a7bc09ddb853cf2effb6e8d058e346f7fe0fb3476528c80db6b698415c5f8c50b6 ct: c2a7bc09ddb853cf2effb6e8d058e346f7fe0fb3476528c80db6b698415c5f8c
8a9a355609e96d2117f8d3 50b68a9a355609e96d2117f8d3
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: 112e0465562045b736865318 nonce: 112e0465562045b736865318
ct: 2414d0788e4bc39a59a26d7bd5d78e111c317d44c37bd5a4c2a1235f2ddc2085c487 ct: 2414d0788e4bc39a59a26d7bd5d78e111c317d44c37bd5a4c2a1235f2ddc2085
d406490e75210c958724a7 c487d406490e75210c958724a7
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: 112e0465562045b7368652e7 nonce: 112e0465562045b7368652e7
ct: c567ae1c3f0f75abe1dd9e4532b422600ed4a6e5b9484dafb1e43ab9f5fd662b28c0 ct: c567ae1c3f0f75abe1dd9e4532b422600ed4a6e5b9484dafb1e43ab9f5fd662b
0e2e81d3cde955dae7e218 28c00e2e81d3cde955dae7e218
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-5" numbered="true" toc="default"> <section anchor="exported-values-5" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
813c1bfc516c99076ae0f466671f0ba5ff244a41699f7b2417e4c59d46d39f40 813c1bfc516c99076ae0f466671f0ba5ff244a41699f7b2417e4c59d46d39f40
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
2745cf3d5bb65c333658732954ee7af49eb895ce77f8022873a62a13c94cb4e1 2745cf3d5bb65c333658732954ee7af49eb895ce77f8022873a62a13c94cb4e1
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
ad40e3ae14f21c99bfdebc20ae14ab86f4ca2dc9a4799d200f43a25f99fa78ae ad40e3ae14f21c99bfdebc20ae14ab86f4ca2dc9a4799d200f43a25f99fa78ae
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="auth-setup-information-1" numbered="true" toc="default" > <section anchor="auth-setup-information-1" numbered="true" toc="default" >
<name>Auth Setup Information</name> <name>Auth Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 2 mode: 2
kem_id: 32 kem_id: 32
kdf_id: 1 kdf_id: 1
aead_id: 3 aead_id: 3
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 938d3daa5a8904540bc24f48ae90eed3f4f7f11839560597b55e7c9598c996c0 ikmE:
pkEm: f7674cc8cd7baa5872d1f33dbaffe3314239f6197ddf5ded1746760bfc847e0e 938d3daa5a8904540bc24f48ae90eed3f4f7f11839560597b55e7c9598c996c0
skEm: c94619e1af28971c8fa7957192b7e62a71ca2dcdde0a7cc4a8a9e741d600ab13 pkEm:
ikmR: 64835d5ee64aa7aad57c6f2e4f758f7696617f8829e70bc9ac7a5ef95d1c756c f7674cc8cd7baa5872d1f33dbaffe3314239f6197ddf5ded1746760bfc847e0e
pkRm: 1a478716d63cb2e16786ee93004486dc151e988b34b475043d3e0175bdb01c44 skEm:
skRm: 3ca22a6d1cda1bb9480949ec5329d3bf0b080ca4c45879c95eddb55c70b80b82 c94619e1af28971c8fa7957192b7e62a71ca2dcdde0a7cc4a8a9e741d600ab13
ikmS: 9d8f94537d5a3ddef71234c0baedfad4ca6861634d0b94c3007fed557ad17df6 ikmR:
pkSm: f0f4f9e96c54aeed3f323de8534fffd7e0577e4ce269896716bcb95643c8712b 64835d5ee64aa7aad57c6f2e4f758f7696617f8829e70bc9ac7a5ef95d1c756c
skSm: 2def0cb58ffcf83d1062dd085c8aceca7f4c0c3fd05912d847b61f3e54121f05 pkRm:
enc: f7674cc8cd7baa5872d1f33dbaffe3314239f6197ddf5ded1746760bfc847e0e 1a478716d63cb2e16786ee93004486dc151e988b34b475043d3e0175bdb01c44
skRm:
3ca22a6d1cda1bb9480949ec5329d3bf0b080ca4c45879c95eddb55c70b80b82
ikmS:
9d8f94537d5a3ddef71234c0baedfad4ca6861634d0b94c3007fed557ad17df6
pkSm:
f0f4f9e96c54aeed3f323de8534fffd7e0577e4ce269896716bcb95643c8712b
skSm:
2def0cb58ffcf83d1062dd085c8aceca7f4c0c3fd05912d847b61f3e54121f05
enc:
f7674cc8cd7baa5872d1f33dbaffe3314239f6197ddf5ded1746760bfc847e0e
shared_secret: shared_secret:
d2d67828c8bc9fa661cf15a31b3ebf1febe0cafef7abfaaca580aaf6d471e3eb d2d67828c8bc9fa661cf15a31b3ebf1febe0cafef7abfaaca580aaf6d471e3eb
key_schedule_context: 02431df6cd95e11ff49d7013563baf7f11588c75a6611ee2a4 key_schedule_context: 02431df6cd95e11ff49d7013563baf7f11588c75a6611e
404a49306ae4cfc5b69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1e798c0bb e2a4404a49306ae4cfc5b69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1
19eb9796 e798c0bb19eb9796
secret: 3022dfc0a81d6e09a2e6daeeb605bb1ebb9ac49535540d9a4c6560064a6c6da8 secret:
key: b071fd1136680600eb447a845a967d35e9db20749cdf9ce098bcc4deef4b1356 3022dfc0a81d6e09a2e6daeeb605bb1ebb9ac49535540d9a4c6560064a6c6da8
key:
b071fd1136680600eb447a845a967d35e9db20749cdf9ce098bcc4deef4b1356
base_nonce: d20577dff16d7cea2c4bf780 base_nonce: d20577dff16d7cea2c4bf780
exporter_secret: exporter_secret:
be2d93b82071318cdb88510037cf504344151f2f9b9da8ab48974d40a2251dd7 be2d93b82071318cdb88510037cf504344151f2f9b9da8ab48974d40a2251dd7
]]></sourcecode> ]]></artwork>
<section anchor="encryptions-6" numbered="true" toc="default"> <section anchor="encryptions-6" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: d20577dff16d7cea2c4bf780 nonce: d20577dff16d7cea2c4bf780
ct: ab1a13c9d4f01a87ec3440dbd756e2677bd2ecf9df0ce7ed73869b98e00c09be111c ct: ab1a13c9d4f01a87ec3440dbd756e2677bd2ecf9df0ce7ed73869b98e00c09be
b9fdf077347aeb88e61bdf 111cb9fdf077347aeb88e61bdf
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: d20577dff16d7cea2c4bf781 nonce: d20577dff16d7cea2c4bf781
ct: 3265c7807ffff7fdace21659a2c6ccffee52a26d270c76468ed74202a65478bfaedf ct: 3265c7807ffff7fdace21659a2c6ccffee52a26d270c76468ed74202a65478bf
ff9c2b7634e24f10b71016 aedfff9c2b7634e24f10b71016
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: d20577dff16d7cea2c4bf782 nonce: d20577dff16d7cea2c4bf782
ct: 3aadee86ad2a05081ea860033a9d09dbccb4acac2ded0891da40f51d4df19925f7a7 ct: 3aadee86ad2a05081ea860033a9d09dbccb4acac2ded0891da40f51d4df19925
67b076a5cbc9355c8fd35e f7a767b076a5cbc9355c8fd35e
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: d20577dff16d7cea2c4bf784 nonce: d20577dff16d7cea2c4bf784
ct: 502ecccd5c2be3506a081809cc58b43b94f77cbe37b8b31712d9e21c9e61aa6946a8 ct: 502ecccd5c2be3506a081809cc58b43b94f77cbe37b8b31712d9e21c9e61aa69
e922f54eae630f88eb8033 46a8e922f54eae630f88eb8033
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: d20577dff16d7cea2c4bf77f nonce: d20577dff16d7cea2c4bf77f
ct: 652e597ba20f3d9241cda61f33937298b1169e6adf72974bbe454297502eb4be132e ct: 652e597ba20f3d9241cda61f33937298b1169e6adf72974bbe454297502eb4be
1c5064702fc165c2ddbde8 132e1c5064702fc165c2ddbde8
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: d20577dff16d7cea2c4bf680 nonce: d20577dff16d7cea2c4bf680
ct: 3be14e8b3bbd1028cf2b7d0a691dbbeff71321e7dec92d3c2cfb30a0994ab246af76 ct: 3be14e8b3bbd1028cf2b7d0a691dbbeff71321e7dec92d3c2cfb30a0994ab246
168480285a60037b4ba13a af76168480285a60037b4ba13a
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-6" numbered="true" toc="default"> <section anchor="exported-values-6" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
070cffafd89b67b7f0eeb800235303a223e6ff9d1e774dce8eac585c8688c872 070cffafd89b67b7f0eeb800235303a223e6ff9d1e774dce8eac585c8688c872
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
2852e728568d40ddb0edde284d36a4359c56558bb2fb8837cd3d92e46a3a14a8 2852e728568d40ddb0edde284d36a4359c56558bb2fb8837cd3d92e46a3a14a8
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
1df39dc5dd60edcbf5f9ae804e15ada66e885b28ed7929116f768369a3f950ee 1df39dc5dd60edcbf5f9ae804e15ada66e885b28ed7929116f768369a3f950ee
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="authpsk-setup-information-1" numbered="true" toc="defau lt"> <section anchor="authpsk-setup-information-1" numbered="true" toc="defau lt">
<name>AuthPSK Setup Information</name> <name>AuthPSK Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 3 mode: 3
kem_id: 32 kem_id: 32
kdf_id: 1 kdf_id: 1
aead_id: 3 aead_id: 3
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 49d6eac8c6c558c953a0a252929a818745bb08cd3d29e15f9f5db5eb2e7d4b84 ikmE:
pkEm: 656a2e00dc9990fd189e6e473459392df556e9a2758754a09db3f51179a3fc02 49d6eac8c6c558c953a0a252929a818745bb08cd3d29e15f9f5db5eb2e7d4b84
skEm: 5e6dd73e82b856339572b7245d3cbb073a7561c0bee52873490e305cbb710410 pkEm:
ikmR: f3304ddcf15848488271f12b75ecaf72301faabf6ad283654a14c398832eb184 656a2e00dc9990fd189e6e473459392df556e9a2758754a09db3f51179a3fc02
pkRm: a5099431c35c491ec62ca91df1525d6349cb8aa170c51f9581f8627be6334851 skEm:
skRm: 7b36a42822e75bf3362dfabbe474b3016236408becb83b859a6909e22803cb0c 5e6dd73e82b856339572b7245d3cbb073a7561c0bee52873490e305cbb710410
ikmS: 20ade1d5203de1aadfb261c4700b6432e260d0d317be6ebbb8d7fffb1f86ad9d ikmR:
pkSm: 3ac5bd4dd66ff9f2740bef0d6ccb66daa77bff7849d7895182b07fb74d087c45 f3304ddcf15848488271f12b75ecaf72301faabf6ad283654a14c398832eb184
skSm: 90761c5b0a7ef0985ed66687ad708b921d9803d51637c8d1cb72d03ed0f64418 pkRm:
psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 a5099431c35c491ec62ca91df1525d6349cb8aa170c51f9581f8627be6334851
skRm:
7b36a42822e75bf3362dfabbe474b3016236408becb83b859a6909e22803cb0c
ikmS:
20ade1d5203de1aadfb261c4700b6432e260d0d317be6ebbb8d7fffb1f86ad9d
pkSm:
3ac5bd4dd66ff9f2740bef0d6ccb66daa77bff7849d7895182b07fb74d087c45
skSm:
90761c5b0a7ef0985ed66687ad708b921d9803d51637c8d1cb72d03ed0f64418
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961 psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 656a2e00dc9990fd189e6e473459392df556e9a2758754a09db3f51179a3fc02 enc:
656a2e00dc9990fd189e6e473459392df556e9a2758754a09db3f51179a3fc02
shared_secret: shared_secret:
86a6c0ed17714f11d2951747e660857a5fd7616c933ef03207808b7a7123fe67 86a6c0ed17714f11d2951747e660857a5fd7616c933ef03207808b7a7123fe67
key_schedule_context: 036870c4c76ca38ae43efbec0f2377d109499d7ce73f4a9e1e key_schedule_context: 036870c4c76ca38ae43efbec0f2377d109499d7ce73f4a
c37f21d3d063b97cb69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1e798c0bb 9e1ec37f21d3d063b97cb69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1
19eb9796 e798c0bb19eb9796
secret: 22670daee17530c9564001d0a7e740e80d0bcc7ae15349f472fcc9e057cbc259 secret:
key: 49c7e6d7d2d257aded2a746fe6a9bf12d4de8007c4862b1fdffe8c35fb65054c 22670daee17530c9564001d0a7e740e80d0bcc7ae15349f472fcc9e057cbc259
key:
49c7e6d7d2d257aded2a746fe6a9bf12d4de8007c4862b1fdffe8c35fb65054c
base_nonce: abac79931e8c1bcb8a23960a base_nonce: abac79931e8c1bcb8a23960a
exporter_secret: exporter_secret:
7c6cc1bb98993cd93e2599322247a58fd41fdecd3db895fb4c5fd8d6bbe606b5 7c6cc1bb98993cd93e2599322247a58fd41fdecd3db895fb4c5fd8d6bbe606b5
]]></sourcecode> ]]></artwork>
<section anchor="encryptions-7" numbered="true" toc="default"> <section anchor="encryptions-7" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: abac79931e8c1bcb8a23960a nonce: abac79931e8c1bcb8a23960a
ct: 9aa52e29274fc6172e38a4461361d2342585d3aeec67fb3b721ecd63f059577c7fe8 ct: 9aa52e29274fc6172e38a4461361d2342585d3aeec67fb3b721ecd63f059577c
86be0ede01456ebc67d597 7fe886be0ede01456ebc67d597
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: abac79931e8c1bcb8a23960b nonce: abac79931e8c1bcb8a23960b
ct: 59460bacdbe7a920ef2806a74937d5a691d6d5062d7daafcad7db7e4d8c649adffe5 ct: 59460bacdbe7a920ef2806a74937d5a691d6d5062d7daafcad7db7e4d8c649ad
75c1889c5c2e3a49af8e3e ffe575c1889c5c2e3a49af8e3e
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: abac79931e8c1bcb8a239608 nonce: abac79931e8c1bcb8a239608
ct: 5688ff6a03ba26ae936044a5c800f286fb5d1eccdd2a0f268f6ff9773b51169318d1 ct: 5688ff6a03ba26ae936044a5c800f286fb5d1eccdd2a0f268f6ff9773b511693
a1466bb36263415071db00 18d1a1466bb36263415071db00
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: abac79931e8c1bcb8a23960e nonce: abac79931e8c1bcb8a23960e
ct: d936b7a01f5c7dc4c3dc04e322cc694684ee18dd71719196874e5235aed3cfb06cad ct: d936b7a01f5c7dc4c3dc04e322cc694684ee18dd71719196874e5235aed3cfb0
cd3bc7da0877488d7c551d 6cadcd3bc7da0877488d7c551d
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: abac79931e8c1bcb8a2396f5 nonce: abac79931e8c1bcb8a2396f5
ct: 4d4c462f7b9b637eaf1f4e15e325b7bc629c0af6e3073422c86064cc3c98cff87300 ct: 4d4c462f7b9b637eaf1f4e15e325b7bc629c0af6e3073422c86064cc3c98cff8
f054fd56dd57dc34358beb 7300f054fd56dd57dc34358beb
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: abac79931e8c1bcb8a23970a nonce: abac79931e8c1bcb8a23970a
ct: 9b7f84224922d2a9edd7b2c2057f3bcf3a547f17570575e626202e593bfdd99e9878 ct: 9b7f84224922d2a9edd7b2c2057f3bcf3a547f17570575e626202e593bfdd99e
a1af9e41ded58c7fb77d2f 9878a1af9e41ded58c7fb77d2f
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-7" numbered="true" toc="default"> <section anchor="exported-values-7" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
c23ebd4e7a0ad06a5dddf779f65004ce9481069ce0f0e6dd51a04539ddcbd5cd c23ebd4e7a0ad06a5dddf779f65004ce9481069ce0f0e6dd51a04539ddcbd5cd
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
ed7ff5ca40a3d84561067ebc8e01702bc36cf1eb99d42a92004642b9dfaadd37 ed7ff5ca40a3d84561067ebc8e01702bc36cf1eb99d42a92004642b9dfaadd37
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
d3bae066aa8da27d527d85c040f7dd6ccb60221c902ee36a82f70bcd62a60ee4 d3bae066aa8da27d527d85c040f7dd6ccb60221c902ee36a82f70bcd62a60ee4
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
</section> </section>
<section anchor="dhkemp-256-hkdf-sha256-hkdf-sha256-aes-128-gcm" numbered= "true" toc="default"> <section anchor="dhkemp-256-hkdf-sha256-hkdf-sha256-aes-128-gcm" numbered= "true" toc="default">
<name>DHKEM(P-256, HKDF-SHA256), HKDF-SHA256, AES-128-GCM</name> <name>DHKEM(P-256, HKDF-SHA256), HKDF-SHA256, AES-128-GCM</name>
<section anchor="base-setup-information-2" numbered="true" toc="default" > <section anchor="base-setup-information-2" numbered="true" toc="default" >
<name>Base Setup Information</name> <name>Base Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 0 mode: 0
kem_id: 16 kem_id: 16
kdf_id: 1 kdf_id: 1
aead_id: 1 aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 4270e54ffd08d79d5928020af4686d8f6b7d35dbe470265f1f5aa22816ce860e ikmE:
pkEm: 04a92719c6195d5085104f469a8b9814d5838ff72b60501e2c4466e5e67b325ac9 4270e54ffd08d79d5928020af4686d8f6b7d35dbe470265f1f5aa22816ce860e
8536d7b61a1af4b78e5b7f951c0900be863c403ce65c9bfcb9382657222d18c4 pkEm: 04a92719c6195d5085104f469a8b9814d5838ff72b60501e2c4466e5e67b32
skEm: 4995788ef4b9d6132b249ce59a77281493eb39af373d236a1fe415cb0c2d7beb 5ac98536d7b61a1af4b78e5b7f951c0900be863c403ce65c9bfcb9382657222d18c4
ikmR: 668b37171f1072f3cf12ea8a236a45df23fc13b82af3609ad1e354f6ef817550 skEm:
pkRm: 04fe8c19ce0905191ebc298a9245792531f26f0cece2460639e8bc39cb7f706a82 4995788ef4b9d6132b249ce59a77281493eb39af373d236a1fe415cb0c2d7beb
6a779b4cf969b8a0e539c7f62fb3d30ad6aa8f80e30f1d128aafd68a2ce72ea0 ikmR:
skRm: f3ce7fdae57e1a310d87f1ebbde6f328be0a99cdbcadf4d6589cf29de4b8ffd2 668b37171f1072f3cf12ea8a236a45df23fc13b82af3609ad1e354f6ef817550
enc: 04a92719c6195d5085104f469a8b9814d5838ff72b60501e2c4466e5e67b325ac98 pkRm: 04fe8c19ce0905191ebc298a9245792531f26f0cece2460639e8bc39cb7f70
536d7b61a1af4b78e5b7f951c0900be863c403ce65c9bfcb9382657222d18c4 6a826a779b4cf969b8a0e539c7f62fb3d30ad6aa8f80e30f1d128aafd68a2ce72ea0
skRm:
f3ce7fdae57e1a310d87f1ebbde6f328be0a99cdbcadf4d6589cf29de4b8ffd2
enc: 04a92719c6195d5085104f469a8b9814d5838ff72b60501e2c4466e5e67b325
ac98536d7b61a1af4b78e5b7f951c0900be863c403ce65c9bfcb9382657222d18c4
shared_secret: shared_secret:
c0d26aeab536609a572b07695d933b589dcf363ff9d93c93adea537aeabb8cb8 c0d26aeab536609a572b07695d933b589dcf363ff9d93c93adea537aeabb8cb8
key_schedule_context: 00b88d4e6d91759e65e87c470e8b9141113e9ad5f0c8ceefc1 key_schedule_context: 00b88d4e6d91759e65e87c470e8b9141113e9ad5f0c8ce
e088c82e6980500798e486f9c9c09c9b5c753ac72d6005de254c607d1b534ed11d493ae1 efc1e088c82e6980500798e486f9c9c09c9b5c753ac72d6005de254c607d1b534ed1
c1d9ac85 1d493ae1c1d9ac85
secret: 2eb7b6bf138f6b5aff857414a058a3f1750054a9ba1f72c2cf0684a6f20b10e1 secret:
2eb7b6bf138f6b5aff857414a058a3f1750054a9ba1f72c2cf0684a6f20b10e1
key: 868c066ef58aae6dc589b6cfdd18f97e key: 868c066ef58aae6dc589b6cfdd18f97e
base_nonce: 4e0bc5018beba4bf004cca59 base_nonce: 4e0bc5018beba4bf004cca59
exporter_secret: exporter_secret:
14ad94af484a7ad3ef40e9f3be99ecc6fa9036df9d4920548424df127ee0d99f 14ad94af484a7ad3ef40e9f3be99ecc6fa9036df9d4920548424df127ee0d99f
]]></sourcecode> ]]></artwork>
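Review bot: pkEm and enc hold the same uncompressed point in this block, yet each side folds them at different offsets (on the left pkEm breaks after ...e67b325ac9 and enc after ...e67b325ac98; on the right pkEm breaks after ...e67b32 and enc after ...e67b325), so the two fields cannot be compared line by line. Suggest folding both with the same rule: label on its own line, then the value split at a fixed width, matching how skEm and ikmR are laid out on the right-hand side.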
<section anchor="encryptions-8" numbered="true" toc="default"> <section anchor="encryptions-8" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: 4e0bc5018beba4bf004cca59 nonce: 4e0bc5018beba4bf004cca59
ct: 5ad590bb8baa577f8619db35a36311226a896e7342a6d836d8b7bcd2f20b6c7f9076 ct: 5ad590bb8baa577f8619db35a36311226a896e7342a6d836d8b7bcd2f20b6c7f
ac232e3ab2523f39513434 9076ac232e3ab2523f39513434
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: 4e0bc5018beba4bf004cca58 nonce: 4e0bc5018beba4bf004cca58
ct: fa6f037b47fc21826b610172ca9637e82d6e5801eb31cbd3748271affd4ecb06646e ct: fa6f037b47fc21826b610172ca9637e82d6e5801eb31cbd3748271affd4ecb06
0329cbdf3c3cd655b28e82 646e0329cbdf3c3cd655b28e82
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: 4e0bc5018beba4bf004cca5b nonce: 4e0bc5018beba4bf004cca5b
ct: 895cabfac50ce6c6eb02ffe6c048bf53b7f7be9a91fc559402cbc5b8dcaeb52b2ccc ct: 895cabfac50ce6c6eb02ffe6c048bf53b7f7be9a91fc559402cbc5b8dcaeb52b
93e466c28fb55fed7a7fec 2ccc93e466c28fb55fed7a7fec
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: 4e0bc5018beba4bf004cca5d nonce: 4e0bc5018beba4bf004cca5d
ct: 8787491ee8df99bc99a246c4b3216d3d57ab5076e18fa27133f520703bc70ec999dd ct: 8787491ee8df99bc99a246c4b3216d3d57ab5076e18fa27133f520703bc70ec9
36ce042e44f0c3169a6a8f 99dd36ce042e44f0c3169a6a8f
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: 4e0bc5018beba4bf004ccaa6 nonce: 4e0bc5018beba4bf004ccaa6
ct: 2ad71c85bf3f45c6eca301426289854b31448bcf8a8ccb1deef3ebd87f60848aa53c ct: 2ad71c85bf3f45c6eca301426289854b31448bcf8a8ccb1deef3ebd87f60848a
538c30a4dac71d619ee2cd a53c538c30a4dac71d619ee2cd
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: 4e0bc5018beba4bf004ccb59 nonce: 4e0bc5018beba4bf004ccb59
ct: 10f179686aa2caec1758c8e554513f16472bd0a11e2a907dde0b212cbe87d74f367f ct: 10f179686aa2caec1758c8e554513f16472bd0a11e2a907dde0b212cbe87d74f
8ffe5e41cd3e9962a6afb2 367f8ffe5e41cd3e9962a6afb2
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-8" numbered="true" toc="default"> <section anchor="exported-values-8" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
5e9bc3d236e1911d95e65b576a8a86d478fb827e8bdfe77b741b289890490d4d 5e9bc3d236e1911d95e65b576a8a86d478fb827e8bdfe77b741b289890490d4d
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
6cff87658931bda83dc857e6353efe4987a201b849658d9b047aab4cf216e796 6cff87658931bda83dc857e6353efe4987a201b849658d9b047aab4cf216e796
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
d8f1ea7942adbba7412c6d431c62d01371ea476b823eb697e1f6e6cae1dab85a d8f1ea7942adbba7412c6d431c62d01371ea476b823eb697e1f6e6cae1dab85a
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="psk-setup-information-2" numbered="true" toc="default"> <section anchor="psk-setup-information-2" numbered="true" toc="default">
<name>PSK Setup Information</name> <name>PSK Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 1 mode: 1
kem_id: 16 kem_id: 16
kdf_id: 1 kdf_id: 1
aead_id: 1 aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 2afa611d8b1a7b321c761b483b6a053579afa4f767450d3ad0f84a39fda587a6 ikmE:
pkEm: 04305d35563527bce037773d79a13deabed0e8e7cde61eecee403496959e89e4d0 2afa611d8b1a7b321c761b483b6a053579afa4f767450d3ad0f84a39fda587a6
ca701726696d1485137ccb5341b3c1c7aaee90a4a02449725e744b1193b53b5f pkEm: 04305d35563527bce037773d79a13deabed0e8e7cde61eecee403496959e89
skEm: 57427244f6cc016cddf1c19c8973b4060aa13579b4c067fd5d93a5d74e32a90f e4d0ca701726696d1485137ccb5341b3c1c7aaee90a4a02449725e744b1193b53b5f
ikmR: d42ef874c1913d9568c9405407c805baddaffd0898a00f1e84e154fa787b2429 skEm:
pkRm: 040d97419ae99f13007a93996648b2674e5260a8ebd2b822e84899cd52d87446ea 57427244f6cc016cddf1c19c8973b4060aa13579b4c067fd5d93a5d74e32a90f
394ca76223b76639eccdf00e1967db10ade37db4e7db476261fcc8df97c5ffd1 ikmR:
skRm: 438d8bcef33b89e0e9ae5eb0957c353c25a94584b0dd59c991372a75b43cb661 d42ef874c1913d9568c9405407c805baddaffd0898a00f1e84e154fa787b2429
psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 pkRm: 040d97419ae99f13007a93996648b2674e5260a8ebd2b822e84899cd52d874
46ea394ca76223b76639eccdf00e1967db10ade37db4e7db476261fcc8df97c5ffd1
skRm:
438d8bcef33b89e0e9ae5eb0957c353c25a94584b0dd59c991372a75b43cb661
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961 psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 04305d35563527bce037773d79a13deabed0e8e7cde61eecee403496959e89e4d0c enc: 04305d35563527bce037773d79a13deabed0e8e7cde61eecee403496959e89e
a701726696d1485137ccb5341b3c1c7aaee90a4a02449725e744b1193b53b5f 4d0ca701726696d1485137ccb5341b3c1c7aaee90a4a02449725e744b1193b53b5f
shared_secret: shared_secret:
2e783ad86a1beae03b5749e0f3f5e9bb19cb7eb382f2fb2dd64c99f15ae0661b 2e783ad86a1beae03b5749e0f3f5e9bb19cb7eb382f2fb2dd64c99f15ae0661b
key_schedule_context: 01b873cdf2dff4c1434988053b7a775e980dd2039ea24f950b key_schedule_context: 01b873cdf2dff4c1434988053b7a775e980dd2039ea24f
26b056ccedcb933198e486f9c9c09c9b5c753ac72d6005de254c607d1b534ed11d493ae1 950b26b056ccedcb933198e486f9c9c09c9b5c753ac72d6005de254c607d1b534ed1
c1d9ac85 1d493ae1c1d9ac85
secret: f2f534e55931c62eeb2188c1f53450354a725183937e68c85e68d6b267504d26 secret:
f2f534e55931c62eeb2188c1f53450354a725183937e68c85e68d6b267504d26
key: 55d9eb9d26911d4c514a990fa8d57048 key: 55d9eb9d26911d4c514a990fa8d57048
base_nonce: b595dc6b2d7e2ed23af529b1 base_nonce: b595dc6b2d7e2ed23af529b1
exporter_secret: exporter_secret:
895a723a1eab809804973a53c0ee18ece29b25a7555a4808277ad2651d66d705 895a723a1eab809804973a53c0ee18ece29b25a7555a4808277ad2651d66d705
]]></sourcecode> ]]></artwork>
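Review bot: The figure's opening tag changes from `<sourcecode name="" type="">` on the left to `<artwork name="" type="" align="left" alt="">` on the right, and the same swap repeats on every test-vector block that follows. These blocks hold labelled hex values that implementers extract and compare programmatically, so `sourcecode` is the better fit, since `artwork` is intended for diagrams. I would keep `sourcecode` and give `type` a non-empty value rather than carry empty `name`, `type` and `alt` attributes. In the same block the left side keeps `ikmE:`, `skEm:`, `ikmR:`, `skRm:`, `psk:` and `secret:` on one line with their values, while the right side puts each value on its own line, as both sides already do for `shared_secret:`. Pick one layout and apply it to every field so a parser for these vectors only has to handle one form.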
<section anchor="encryptions-9" numbered="true" toc="default"> <section anchor="encryptions-9" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: b595dc6b2d7e2ed23af529b1 nonce: b595dc6b2d7e2ed23af529b1
ct: 90c4deb5b75318530194e4bb62f890b019b1397bbf9d0d6eb918890e1fb2be1ac260 ct: 90c4deb5b75318530194e4bb62f890b019b1397bbf9d0d6eb918890e1fb2be1a
3193b60a49c2126b75d0eb c2603193b60a49c2126b75d0eb
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: b595dc6b2d7e2ed23af529b0 nonce: b595dc6b2d7e2ed23af529b0
ct: 9e223384a3620f4a75b5a52f546b7262d8826dea18db5a365feb8b997180b22d72dc ct: 9e223384a3620f4a75b5a52f546b7262d8826dea18db5a365feb8b997180b22d
1287f7089a1073a7102c27 72dc1287f7089a1073a7102c27
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: b595dc6b2d7e2ed23af529b3 nonce: b595dc6b2d7e2ed23af529b3
ct: adf9f6000773035023be7d415e13f84c1cb32a24339a32eb81df02be9ddc6abc880d ct: adf9f6000773035023be7d415e13f84c1cb32a24339a32eb81df02be9ddc6abc
d81cceb7c1d0c7781465b2 880dd81cceb7c1d0c7781465b2
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: b595dc6b2d7e2ed23af529b5 nonce: b595dc6b2d7e2ed23af529b5
ct: 1f4cc9b7013d65511b1f69c050b7bd8bbd5a5c16ece82b238fec4f30ba2400e7ca8e ct: 1f4cc9b7013d65511b1f69c050b7bd8bbd5a5c16ece82b238fec4f30ba2400e7
e482ac5253cffb5c3dc577 ca8ee482ac5253cffb5c3dc577
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: b595dc6b2d7e2ed23af5294e nonce: b595dc6b2d7e2ed23af5294e
ct: cdc541253111ed7a424eea5134dc14fc5e8293ab3b537668b8656789628e45894e5b ct: cdc541253111ed7a424eea5134dc14fc5e8293ab3b537668b8656789628e4589
b873c968e3b7cdcbb654a4 4e5bb873c968e3b7cdcbb654a4
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: b595dc6b2d7e2ed23af528b1 nonce: b595dc6b2d7e2ed23af528b1
ct: faf985208858b1253b97b60aecd28bc18737b58d1242370e7703ec33b73a4c31a1af ct: faf985208858b1253b97b60aecd28bc18737b58d1242370e7703ec33b73a4c31
ee300e349adef9015bbbfd a1afee300e349adef9015bbbfd
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-9" numbered="true" toc="default"> <section anchor="exported-values-9" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
a115a59bf4dd8dc49332d6a0093af8efca1bcbfd3627d850173f5c4a55d0c185 a115a59bf4dd8dc49332d6a0093af8efca1bcbfd3627d850173f5c4a55d0c185
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
4517eaede0669b16aac7c92d5762dd459c301fa10e02237cd5aeb9be969430c4 4517eaede0669b16aac7c92d5762dd459c301fa10e02237cd5aeb9be969430c4
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
164e02144d44b607a7722e58b0f4156e67c0c2874d74cf71da6ca48a4cbdc5e0 164e02144d44b607a7722e58b0f4156e67c0c2874d74cf71da6ca48a4cbdc5e0
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="auth-setup-information-2" numbered="true" toc="default" > <section anchor="auth-setup-information-2" numbered="true" toc="default" >
<name>Auth Setup Information</name> <name>Auth Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 2 mode: 2
kem_id: 16 kem_id: 16
kdf_id: 1 kdf_id: 1
aead_id: 1 aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 798d82a8d9ea19dbc7f2c6dfa54e8a6706f7cdc119db0813dacf8440ab37c857 ikmE:
pkEm: 042224f3ea800f7ec55c03f29fc9865f6ee27004f818fcbdc6dc68932c1e52e15b 798d82a8d9ea19dbc7f2c6dfa54e8a6706f7cdc119db0813dacf8440ab37c857
79e264a98f2c535ef06745f3d308624414153b22c7332bc1e691cb4af4d53454 pkEm: 042224f3ea800f7ec55c03f29fc9865f6ee27004f818fcbdc6dc68932c1e52
skEm: 6b8de0873aed0c1b2d09b8c7ed54cbf24fdf1dfc7a47fa501f918810642d7b91 e15b79e264a98f2c535ef06745f3d308624414153b22c7332bc1e691cb4af4d53454
ikmR: 7bc93bde8890d1fb55220e7f3b0c107ae7e6eda35ca4040bb6651284bf0747ee skEm:
pkRm: 04423e363e1cd54ce7b7573110ac121399acbc9ed815fae03b72ffbd4c18b01836 6b8de0873aed0c1b2d09b8c7ed54cbf24fdf1dfc7a47fa501f918810642d7b91
835c5a09513f28fc971b7266cfde2e96afe84bb0f266920e82c4f53b36e1a78d ikmR:
skRm: d929ab4be2e59f6954d6bedd93e638f02d4046cef21115b00cdda2acb2a4440e 7bc93bde8890d1fb55220e7f3b0c107ae7e6eda35ca4040bb6651284bf0747ee
ikmS: 874baa0dcf93595a24a45a7f042e0d22d368747daaa7e19f80a802af19204ba8 pkRm: 04423e363e1cd54ce7b7573110ac121399acbc9ed815fae03b72ffbd4c18b0
pkSm: 04a817a0902bf28e036d66add5d544cc3a0457eab150f104285df1e293b5c10eef 1836835c5a09513f28fc971b7266cfde2e96afe84bb0f266920e82c4f53b36e1a78d
8651213e43d9cd9086c80b309df22cf37609f58c1127f7607e85f210b2804f73 skRm:
skSm: 1120ac99fb1fccc1e8230502d245719d1b217fe20505c7648795139d177f0de9 d929ab4be2e59f6954d6bedd93e638f02d4046cef21115b00cdda2acb2a4440e
enc: 042224f3ea800f7ec55c03f29fc9865f6ee27004f818fcbdc6dc68932c1e52e15b7 ikmS:
9e264a98f2c535ef06745f3d308624414153b22c7332bc1e691cb4af4d53454 874baa0dcf93595a24a45a7f042e0d22d368747daaa7e19f80a802af19204ba8
pkSm: 04a817a0902bf28e036d66add5d544cc3a0457eab150f104285df1e293b5c1
0eef8651213e43d9cd9086c80b309df22cf37609f58c1127f7607e85f210b2804f73
skSm:
1120ac99fb1fccc1e8230502d245719d1b217fe20505c7648795139d177f0de9
enc: 042224f3ea800f7ec55c03f29fc9865f6ee27004f818fcbdc6dc68932c1e52e
15b79e264a98f2c535ef06745f3d308624414153b22c7332bc1e691cb4af4d53454
shared_secret: shared_secret:
d4aea336439aadf68f9348880aa358086f1480e7c167b6ef15453ba69b94b44f d4aea336439aadf68f9348880aa358086f1480e7c167b6ef15453ba69b94b44f
key_schedule_context: 02b88d4e6d91759e65e87c470e8b9141113e9ad5f0c8ceefc1 key_schedule_context: 02b88d4e6d91759e65e87c470e8b9141113e9ad5f0c8ce
e088c82e6980500798e486f9c9c09c9b5c753ac72d6005de254c607d1b534ed11d493ae1 efc1e088c82e6980500798e486f9c9c09c9b5c753ac72d6005de254c607d1b534ed1
c1d9ac85 1d493ae1c1d9ac85
secret: fd0a93c7c6f6b1b0dd6a822d7b16f6c61c83d98ad88426df4613c3581a2319f1 secret:
fd0a93c7c6f6b1b0dd6a822d7b16f6c61c83d98ad88426df4613c3581a2319f1
key: 19aa8472b3fdc530392b0e54ca17c0f5 key: 19aa8472b3fdc530392b0e54ca17c0f5
base_nonce: b390052d26b67a5b8a8fcaa4 base_nonce: b390052d26b67a5b8a8fcaa4
exporter_secret: exporter_secret:
f152759972660eb0e1db880835abd5de1c39c8e9cd269f6f082ed80e28acb164 f152759972660eb0e1db880835abd5de1c39c8e9cd269f6f082ed80e28acb164
]]></sourcecode> ]]></artwork>
<section anchor="encryptions-10" numbered="true" toc="default"> <section anchor="encryptions-10" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: b390052d26b67a5b8a8fcaa4 nonce: b390052d26b67a5b8a8fcaa4
ct: 82ffc8c44760db691a07c5627e5fc2c08e7a86979ee79b494a17cc3405446ac2bdb8 ct: 82ffc8c44760db691a07c5627e5fc2c08e7a86979ee79b494a17cc3405446ac2
f265db4a099ed3289ffe19 bdb8f265db4a099ed3289ffe19
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: b390052d26b67a5b8a8fcaa5 nonce: b390052d26b67a5b8a8fcaa5
ct: b0a705a54532c7b4f5907de51c13dffe1e08d55ee9ba59686114b05945494d96725b ct: b0a705a54532c7b4f5907de51c13dffe1e08d55ee9ba59686114b05945494d96
239468f1229e3966aa1250 725b239468f1229e3966aa1250
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: b390052d26b67a5b8a8fcaa6 nonce: b390052d26b67a5b8a8fcaa6
ct: 8dc805680e3271a801790833ed74473710157645584f06d1b53ad439078d880b23e2 ct: 8dc805680e3271a801790833ed74473710157645584f06d1b53ad439078d880b
5256663178271c80ee8b7c 23e25256663178271c80ee8b7c
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: b390052d26b67a5b8a8fcaa0 nonce: b390052d26b67a5b8a8fcaa0
ct: 04c8f7aae1584b61aa5816382cb0b834a5d744f420e6dffb5ddcec633a21b8b34728 ct: 04c8f7aae1584b61aa5816382cb0b834a5d744f420e6dffb5ddcec633a21b8b3
20930c1ea9258b035937a2 472820930c1ea9258b035937a2
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: b390052d26b67a5b8a8fca5b nonce: b390052d26b67a5b8a8fca5b
ct: 4a319462eaedee37248b4d985f64f4f863d31913fe9e30b6e13136053b69fe5d7085 ct: 4a319462eaedee37248b4d985f64f4f863d31913fe9e30b6e13136053b69fe5d
3c84c60a84bb5495d5a678 70853c84c60a84bb5495d5a678
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: b390052d26b67a5b8a8fcba4 nonce: b390052d26b67a5b8a8fcba4
ct: 28e874512f8940fafc7d06135e7589f6b4198bc0f3a1c64702e72c9e6abaf9f05cb0 ct: 28e874512f8940fafc7d06135e7589f6b4198bc0f3a1c64702e72c9e6abaf9f0
d2f11b03a517898815c934 5cb0d2f11b03a517898815c934
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-10" numbered="true" toc="default"> <section anchor="exported-values-10" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
837e49c3ff629250c8d80d3c3fb957725ed481e59e2feb57afd9fe9a8c7c4497 837e49c3ff629250c8d80d3c3fb957725ed481e59e2feb57afd9fe9a8c7c4497
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
594213f9018d614b82007a7021c3135bda7b380da4acd9ab27165c508640dbda 594213f9018d614b82007a7021c3135bda7b380da4acd9ab27165c508640dbda
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
14fe634f95ca0d86e15247cca7de7ba9b73c9b9deb6437e1c832daf7291b79d5 14fe634f95ca0d86e15247cca7de7ba9b73c9b9deb6437e1c832daf7291b79d5
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="authpsk-setup-information-2" numbered="true" toc="defau lt"> <section anchor="authpsk-setup-information-2" numbered="true" toc="defau lt">
<name>AuthPSK Setup Information</name> <name>AuthPSK Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 3 mode: 3
kem_id: 16 kem_id: 16
kdf_id: 1 kdf_id: 1
aead_id: 1 aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 3c1fceb477ec954c8d58ef3249e4bb4c38241b5925b95f7486e4d9f1d0d35fbb ikmE:
pkEm: 046a1de3fc26a3d43f4e4ba97dbe24f7e99181136129c48fbe872d4743e2b13135 3c1fceb477ec954c8d58ef3249e4bb4c38241b5925b95f7486e4d9f1d0d35fbb
7ed4f29a7b317dc22509c7b00991ae990bf65f8b236700c82ab7c11a84511401 pkEm: 046a1de3fc26a3d43f4e4ba97dbe24f7e99181136129c48fbe872d4743e2b1
skEm: 36f771e411cf9cf72f0701ef2b991ce9743645b472e835fe234fb4d6eb2ff5a0 31357ed4f29a7b317dc22509c7b00991ae990bf65f8b236700c82ab7c11a84511401
ikmR: abcc2da5b3fa81d8aabd91f7f800a8ccf60ec37b1b585a5d1d1ac77f258b6cca skEm:
pkRm: 04d824d7e897897c172ac8a9e862e4bd820133b8d090a9b188b8233a64dfbc5f72 36f771e411cf9cf72f0701ef2b991ce9743645b472e835fe234fb4d6eb2ff5a0
5aa0aa52c8462ab7c9188f1c4872f0c99087a867e8a773a13df48a627058e1b3 ikmR:
skRm: bdf4e2e587afdf0930644a0c45053889ebcadeca662d7c755a353d5b4e2a8394 abcc2da5b3fa81d8aabd91f7f800a8ccf60ec37b1b585a5d1d1ac77f258b6cca
ikmS: 6262031f040a9db853edd6f91d2272596eabbc78a2ed2bd643f770ecd0f19b82 pkRm: 04d824d7e897897c172ac8a9e862e4bd820133b8d090a9b188b8233a64dfbc
pkSm: 049f158c750e55d8d5ad13ede66cf6e79801634b7acadcad72044eac2ae1d04800 5f725aa0aa52c8462ab7c9188f1c4872f0c99087a867e8a773a13df48a627058e1b3
69133d6488bf73863fa988c4ba8bde1c2e948b761274802b4d8012af4f13af9e skRm:
skSm: b0ed8721db6185435898650f7a677affce925aba7975a582653c4cb13c72d240 bdf4e2e587afdf0930644a0c45053889ebcadeca662d7c755a353d5b4e2a8394
psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 ikmS:
6262031f040a9db853edd6f91d2272596eabbc78a2ed2bd643f770ecd0f19b82
pkSm: 049f158c750e55d8d5ad13ede66cf6e79801634b7acadcad72044eac2ae1d0
480069133d6488bf73863fa988c4ba8bde1c2e948b761274802b4d8012af4f13af9e
skSm:
b0ed8721db6185435898650f7a677affce925aba7975a582653c4cb13c72d240
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961 psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 046a1de3fc26a3d43f4e4ba97dbe24f7e99181136129c48fbe872d4743e2b131357 enc: 046a1de3fc26a3d43f4e4ba97dbe24f7e99181136129c48fbe872d4743e2b13
ed4f29a7b317dc22509c7b00991ae990bf65f8b236700c82ab7c11a84511401 1357ed4f29a7b317dc22509c7b00991ae990bf65f8b236700c82ab7c11a84511401
shared_secret: shared_secret:
d4c27698391db126f1612d9e91a767f10b9b19aa17e1695549203f0df7d9aebe d4c27698391db126f1612d9e91a767f10b9b19aa17e1695549203f0df7d9aebe
key_schedule_context: 03b873cdf2dff4c1434988053b7a775e980dd2039ea24f950b key_schedule_context: 03b873cdf2dff4c1434988053b7a775e980dd2039ea24f
26b056ccedcb933198e486f9c9c09c9b5c753ac72d6005de254c607d1b534ed11d493ae1 950b26b056ccedcb933198e486f9c9c09c9b5c753ac72d6005de254c607d1b534ed1
c1d9ac85 1d493ae1c1d9ac85
secret: 3bf9d4c7955da2740414e73081fa74d6f6f2b4b9645d0685219813ce99a2f270 secret:
3bf9d4c7955da2740414e73081fa74d6f6f2b4b9645d0685219813ce99a2f270
key: 4d567121d67fae1227d90e11585988fb key: 4d567121d67fae1227d90e11585988fb
base_nonce: 67c9d05330ca21e5116ecda6 base_nonce: 67c9d05330ca21e5116ecda6
exporter_secret: exporter_secret:
3f479020ae186788e4dfd4a42a21d24f3faabb224dd4f91c2b2e5e9524ca27b2 3f479020ae186788e4dfd4a42a21d24f3faabb224dd4f91c2b2e5e9524ca27b2
]]></sourcecode> ]]></artwork>
<section anchor="encryptions-11" numbered="true" toc="default"> <section anchor="encryptions-11" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: 67c9d05330ca21e5116ecda6 nonce: 67c9d05330ca21e5116ecda6
ct: b9f36d58d9eb101629a3e5a7b63d2ee4af42b3644209ab37e0a272d44365407db8e6 ct: b9f36d58d9eb101629a3e5a7b63d2ee4af42b3644209ab37e0a272d44365407d
55c72e4fa46f4ff81b9246 b8e655c72e4fa46f4ff81b9246
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: 67c9d05330ca21e5116ecda7 nonce: 67c9d05330ca21e5116ecda7
ct: 51788c4e5d56276771032749d015d3eea651af0c7bb8e3da669effffed299ea1f641 ct: 51788c4e5d56276771032749d015d3eea651af0c7bb8e3da669effffed299ea1
df621af65579c10fc09736 f641df621af65579c10fc09736
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: 67c9d05330ca21e5116ecda4 nonce: 67c9d05330ca21e5116ecda4
ct: 3b5a2be002e7b29927f06442947e1cf709b9f8508b03823127387223d712703471c2 ct: 3b5a2be002e7b29927f06442947e1cf709b9f8508b03823127387223d7127034
66efc355f1bc2036f3027c 71c266efc355f1bc2036f3027c
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: 67c9d05330ca21e5116ecda2 nonce: 67c9d05330ca21e5116ecda2
ct: 8ddbf1242fe5c7d61e1675496f3bfdb4d90205b3dfbc1b12aab41395d71a82118e09 ct: 8ddbf1242fe5c7d61e1675496f3bfdb4d90205b3dfbc1b12aab41395d71a8211
5c484103107cf4face5123 8e095c484103107cf4face5123
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: 67c9d05330ca21e5116ecd59 nonce: 67c9d05330ca21e5116ecd59
ct: 6de25ceadeaec572fbaa25eda2558b73c383fe55106abaec24d518ef6724a7ce698f ct: 6de25ceadeaec572fbaa25eda2558b73c383fe55106abaec24d518ef6724a7ce
83ecdc53e640fe214d2f42 698f83ecdc53e640fe214d2f42
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: 67c9d05330ca21e5116ecca6 nonce: 67c9d05330ca21e5116ecca6
ct: f380e19d291e12c5e378b51feb5cd50f6d00df6cb2af8393794c4df342126c2e2963 ct: f380e19d291e12c5e378b51feb5cd50f6d00df6cb2af8393794c4df342126c2e
3fe7e8ce49587531affd4d 29633fe7e8ce49587531affd4d
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-11" numbered="true" toc="default"> <section anchor="exported-values-11" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
595ce0eff405d4b3bb1d08308d70a4e77226ce11766e0a94c4fdb5d90025c978 595ce0eff405d4b3bb1d08308d70a4e77226ce11766e0a94c4fdb5d90025c978
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
110472ee0ae328f57ef7332a9886a1992d2c45b9b8d5abc9424ff68630f7d38d 110472ee0ae328f57ef7332a9886a1992d2c45b9b8d5abc9424ff68630f7d38d
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
18ee4d001a9d83a4c67e76f88dd747766576cac438723bad0700a910a4d717e6 18ee4d001a9d83a4c67e76f88dd747766576cac438723bad0700a910a4d717e6
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
</section> </section>
<section anchor="dhkemp-256-hkdf-sha256-hkdf-sha512-aes-128-gcm" numbered= "true" toc="default"> <section anchor="dhkemp-256-hkdf-sha256-hkdf-sha512-aes-128-gcm" numbered= "true" toc="default">
<name>DHKEM(P-256, HKDF-SHA256), HKDF-SHA512, AES-128-GCM</name> <name>DHKEM(P-256, HKDF-SHA256), HKDF-SHA512, AES-128-GCM</name>
<section anchor="base-setup-information-3" numbered="true" toc="default" > <section anchor="base-setup-information-3" numbered="true" toc="default" >
<name>Base Setup Information</name> <name>Base Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 0 mode: 0
kem_id: 16 kem_id: 16
kdf_id: 3 kdf_id: 3
aead_id: 1 aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 4ab11a9dd78c39668f7038f921ffc0993b368171d3ddde8031501ee1e08c4c9a ikmE:
pkEm: 0493ed86735bdfb978cc055c98b45695ad7ce61ce748f4dd63c525a3b8d53a1556 4ab11a9dd78c39668f7038f921ffc0993b368171d3ddde8031501ee1e08c4c9a
5c6897888070070c1579db1f86aaa56deb8297e64db7e8924e72866f9a472580 pkEm: 0493ed86735bdfb978cc055c98b45695ad7ce61ce748f4dd63c525a3b8d53a
skEm: 2292bf14bb6e15b8c81a0f45b7a6e93e32d830e48cca702e0affcfb4d07e1b5c 15565c6897888070070c1579db1f86aaa56deb8297e64db7e8924e72866f9a472580
ikmR: ea9ff7cc5b2705b188841c7ace169290ff312a9cb31467784ca92d7a2e6e1be8 skEm:
pkRm: 04085aa5b665dc3826f9650ccbcc471be268c8ada866422f739e2d531d4a8818a9 2292bf14bb6e15b8c81a0f45b7a6e93e32d830e48cca702e0affcfb4d07e1b5c
466bc6b449357096232919ec4fe9070ccbac4aac30f4a1a53efcf7af90610edd ikmR:
skRm: 3ac8530ad1b01885960fab38cf3cdc4f7aef121eaa239f222623614b4079fb38 ea9ff7cc5b2705b188841c7ace169290ff312a9cb31467784ca92d7a2e6e1be8
enc: 0493ed86735bdfb978cc055c98b45695ad7ce61ce748f4dd63c525a3b8d53a15565 pkRm: 04085aa5b665dc3826f9650ccbcc471be268c8ada866422f739e2d531d4a88
c6897888070070c1579db1f86aaa56deb8297e64db7e8924e72866f9a472580 18a9466bc6b449357096232919ec4fe9070ccbac4aac30f4a1a53efcf7af90610edd
skRm:
3ac8530ad1b01885960fab38cf3cdc4f7aef121eaa239f222623614b4079fb38
enc: 0493ed86735bdfb978cc055c98b45695ad7ce61ce748f4dd63c525a3b8d53a1
5565c6897888070070c1579db1f86aaa56deb8297e64db7e8924e72866f9a472580
shared_secret: shared_secret:
02f584736390fc93f5b4ad039826a3fa08e9911bd1215a3db8e8791ba533cafd 02f584736390fc93f5b4ad039826a3fa08e9911bd1215a3db8e8791ba533cafd
key_schedule_context: 005b8a3617af7789ee716e7911c7e77f84cdc4cc46e60fb7e1 key_schedule_context: 005b8a3617af7789ee716e7911c7e77f84cdc4cc46e60f
9e4059f9aeadc00585e26874d1ddde76e551a7679cd47168c466f6e1f705cc9374c19277 b7e19e4059f9aeadc00585e26874d1ddde76e551a7679cd47168c466f6e1f705cc93
8a34fcd5ca221d77e229a9d11b654de7942d685069c633b2362ce3b3d8ea4891c9a2a87a 74c192778a34fcd5ca221d77e229a9d11b654de7942d685069c633b2362ce3b3d8ea
4eb7cdb289ba5e2ecbf8cd2c8498bb4a383dc021454d70d46fcbbad1252ef4f9 4891c9a2a87a4eb7cdb289ba5e2ecbf8cd2c8498bb4a383dc021454d70d46fcbbad1
secret: 0c7acdab61693f936c4c1256c78e7be30eebfe466812f9cc49f0b58dc970328d 252ef4f9
fc03ea359be0250a471b1635a193d2dfa8cb23c90aa2e25025b892a725353eeb secret: 0c7acdab61693f936c4c1256c78e7be30eebfe466812f9cc49f0b58dc970
328dfc03ea359be0250a471b1635a193d2dfa8cb23c90aa2e25025b892a725353eeb
key: 090ca96e5f8aa02b69fac360da50ddf9 key: 090ca96e5f8aa02b69fac360da50ddf9
base_nonce: 9c995e621bf9a20c5ca45546 base_nonce: 9c995e621bf9a20c5ca45546
exporter_secret: 4a7abb2ac43e6553f129b2c5750a7e82d149a76ed56dc342d7bca61 exporter_secret: 4a7abb2ac43e6553f129b2c5750a7e82d149a76ed56dc342d7b
e26d494f4855dff0d0165f27ce57756f7f16baca006539bb8e4518987ba610480ac03efa ca61e26d494f4855dff0d0165f27ce57756f7f16baca006539bb8e4518987ba61048
8 0ac03efa8
]]></sourcecode> ]]></artwork>
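Review bot: The wrapped `exporter_secret` value breaks in the middle of a byte on both sides: the first line carries an odd number of hex digits, and the value ends in a stray fragment (`8` on the left, `0ac03efa8` on the right). The `pkEm`, `pkRm`, `enc`, `key_schedule_context` and `secret` values in this block are also folded at different columns in the two revisions, so a line-by-line comparison flags every long value even though the bytes are identical. Suggest folding at a fixed, even number of hex digits so every break falls on a byte boundary. Also state near the vectors that continuation lines are concatenated with whitespace removed, which makes the folding width irrelevant to anyone consuming them.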
<section anchor="encryptions-12" numbered="true" toc="default"> <section anchor="encryptions-12" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: 9c995e621bf9a20c5ca45546 nonce: 9c995e621bf9a20c5ca45546
ct: d3cf4984931484a080f74c1bb2a6782700dc1fef9abe8442e44a6f09044c88907200 ct: d3cf4984931484a080f74c1bb2a6782700dc1fef9abe8442e44a6f09044c8890
b332003543754eb51917ba 7200b332003543754eb51917ba
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: 9c995e621bf9a20c5ca45547 nonce: 9c995e621bf9a20c5ca45547
ct: d14414555a47269dfead9fbf26abb303365e40709a4ed16eaefe1f2070f1ddeb1bdd ct: d14414555a47269dfead9fbf26abb303365e40709a4ed16eaefe1f2070f1ddeb
94d9e41186f124e0acc62d 1bdd94d9e41186f124e0acc62d
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: 9c995e621bf9a20c5ca45544 nonce: 9c995e621bf9a20c5ca45544
ct: 9bba136cade5c4069707ba91a61932e2cbedda2d9c7bdc33515aa01dd0e0f7e9d357 ct: 9bba136cade5c4069707ba91a61932e2cbedda2d9c7bdc33515aa01dd0e0f7e9
9bf4016dec37da4aafa800 d3579bf4016dec37da4aafa800
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: 9c995e621bf9a20c5ca45542 nonce: 9c995e621bf9a20c5ca45542
ct: a531c0655342be013bf32112951f8df1da643602f1866749519f5dcb09cc68432579 ct: a531c0655342be013bf32112951f8df1da643602f1866749519f5dcb09cc6843
de305a77e6864e862a7600 2579de305a77e6864e862a7600
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: 9c995e621bf9a20c5ca455b9 nonce: 9c995e621bf9a20c5ca455b9
ct: be5da649469efbad0fb950366a82a73fefeda5f652ec7d3731fac6c4ffa21a7004d2 ct: be5da649469efbad0fb950366a82a73fefeda5f652ec7d3731fac6c4ffa21a70
ab8a04e13621bd3629547d 04d2ab8a04e13621bd3629547d
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: 9c995e621bf9a20c5ca45446 nonce: 9c995e621bf9a20c5ca45446
ct: 62092672f5328a0dde095e57435edf7457ace60b26ee44c9291110ec135cb0e14b85 ct: 62092672f5328a0dde095e57435edf7457ace60b26ee44c9291110ec135cb0e1
594e4fea11247d937deb62 4b85594e4fea11247d937deb62
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-12" numbered="true" toc="default"> <section anchor="exported-values-12" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
a32186b8946f61aeead1c093fe614945f85833b165b28c46bf271abf16b57208 a32186b8946f61aeead1c093fe614945f85833b165b28c46bf271abf16b57208
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
84998b304a0ea2f11809398755f0abd5f9d2c141d1822def79dd15c194803c2a 84998b304a0ea2f11809398755f0abd5f9d2c141d1822def79dd15c194803c2a
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
93fb9411430b2cfa2cf0bed448c46922a5be9beff20e2e621df7e4655852edbc 93fb9411430b2cfa2cf0bed448c46922a5be9beff20e2e621df7e4655852edbc
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="psk-setup-information-3" numbered="true" toc="default"> <section anchor="psk-setup-information-3" numbered="true" toc="default">
<name>PSK Setup Information</name> <name>PSK Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 1 mode: 1
kem_id: 16 kem_id: 16
kdf_id: 3 kdf_id: 3
aead_id: 1 aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: c11d883d6587f911d2ddbc2a0859d5b42fb13bf2c8e89ef408a25564893856f5 ikmE:
pkEm: 04a307934180ad5287f95525fe5bc6244285d7273c15e061f0f2efb211c35057f3 c11d883d6587f911d2ddbc2a0859d5b42fb13bf2c8e89ef408a25564893856f5
079f6e0abae200992610b25f48b63aacfcb669106ddee8aa023feed301901371 pkEm: 04a307934180ad5287f95525fe5bc6244285d7273c15e061f0f2efb211c350
skEm: a5901ff7d6931959c2755382ea40a4869b1dec3694ed3b009dda2d77dd488f18 57f3079f6e0abae200992610b25f48b63aacfcb669106ddee8aa023feed301901371
ikmR: 75bfc2a3a3541170a54c0b06444e358d0ee2b4fb78a401fd399a47a33723b700 skEm:
pkRm: 043f5266fba0742db649e1043102b8a5afd114465156719cea90373229aabdd84d a5901ff7d6931959c2755382ea40a4869b1dec3694ed3b009dda2d77dd488f18
7f45dabfc1f55664b888a7e86d594853a6cccdc9b189b57839cbbe3b90b55873 ikmR:
skRm: bc6f0b5e22429e5ff47d5969003f3cae0f4fec50e23602e880038364f33b8522 75bfc2a3a3541170a54c0b06444e358d0ee2b4fb78a401fd399a47a33723b700
psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 pkRm: 043f5266fba0742db649e1043102b8a5afd114465156719cea90373229aabd
d84d7f45dabfc1f55664b888a7e86d594853a6cccdc9b189b57839cbbe3b90b55873
skRm:
bc6f0b5e22429e5ff47d5969003f3cae0f4fec50e23602e880038364f33b8522
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961 psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 04a307934180ad5287f95525fe5bc6244285d7273c15e061f0f2efb211c35057f30 enc: 04a307934180ad5287f95525fe5bc6244285d7273c15e061f0f2efb211c3505
79f6e0abae200992610b25f48b63aacfcb669106ddee8aa023feed301901371 7f3079f6e0abae200992610b25f48b63aacfcb669106ddee8aa023feed301901371
shared_secret: shared_secret:
2912aacc6eaebd71ff715ea50f6ef3a6637856b2a4c58ea61e0c3fc159e3bc16 2912aacc6eaebd71ff715ea50f6ef3a6637856b2a4c58ea61e0c3fc159e3bc16
key_schedule_context: 01713f73042575cebfd132f0cc4338523f8eae95c80a749f7c key_schedule_context: 01713f73042575cebfd132f0cc4338523f8eae95c80a74
f3eb9436ff1c612ca62c37df27ca46d2cc162445a92c5f5fdc57bcde129ca7b1f284b0c1 9f7cf3eb9436ff1c612ca62c37df27ca46d2cc162445a92c5f5fdc57bcde129ca7b1
2297c037ca221d77e229a9d11b654de7942d685069c633b2362ce3b3d8ea4891c9a2a87a f284b0c12297c037ca221d77e229a9d11b654de7942d685069c633b2362ce3b3d8ea
4eb7cdb289ba5e2ecbf8cd2c8498bb4a383dc021454d70d46fcbbad1252ef4f9 4891c9a2a87a4eb7cdb289ba5e2ecbf8cd2c8498bb4a383dc021454d70d46fcbbad1
secret: ff2051d2128d5f3078de867143e076262ce1d0aecafc3fff3d607f1eaff05345 252ef4f9
c7d5ffcb3202cdecb3d1a2f7da20592a237747b6e855390cbe2109d3e6ac70c2 secret: ff2051d2128d5f3078de867143e076262ce1d0aecafc3fff3d607f1eaff0
5345c7d5ffcb3202cdecb3d1a2f7da20592a237747b6e855390cbe2109d3e6ac70c2
key: 0b910ba8d9cfa17e5f50c211cb32839a key: 0b910ba8d9cfa17e5f50c211cb32839a
base_nonce: 0c29e714eb52de5b7415a1b7 base_nonce: 0c29e714eb52de5b7415a1b7
exporter_secret: 50c0a182b6f94b4c0bd955c4aa20df01f282cc12c43065a0812fe4d exporter_secret: 50c0a182b6f94b4c0bd955c4aa20df01f282cc12c43065a0812
4352790171ed2b2c4756ad7f5a730ba336c8f1edd0089d8331192058c385bae39c7cc8b5 fe4d4352790171ed2b2c4756ad7f5a730ba336c8f1edd0089d8331192058c385bae3
7 9c7cc8b57
]]></sourcecode> ]]></artwork>
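Review bot: The left-hand wrapping of `exporter_secret` breaks the hex at the column limit with unindented continuation lines and leaves a single digit `7` alone on the last line. An implementer copying the vector can drop that line and only notice when the value comes up one nibble short of 64 bytes. The same applies to `key_schedule_context` and `secret` in this block, and the right-hand wrapping also leaves its continuations unindented. Move any value that does not fit on the label line onto its own lines, as both sides already do for `shared_secret`, and indent the continuations so they cannot be read as a new field.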
<section anchor="encryptions-13" numbered="true" toc="default"> <section anchor="encryptions-13" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: 0c29e714eb52de5b7415a1b7 nonce: 0c29e714eb52de5b7415a1b7
ct: 57624b6e320d4aba0afd11f548780772932f502e2ba2a8068676b2a0d3b5129a45b9 ct: 57624b6e320d4aba0afd11f548780772932f502e2ba2a8068676b2a0d3b5129a
faa88de39e8306da41d4cc 45b9faa88de39e8306da41d4cc
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: 0c29e714eb52de5b7415a1b6 nonce: 0c29e714eb52de5b7415a1b6
ct: 159d6b4c24bacaf2f5049b7863536d8f3ffede76302dace42080820fa51925d4e1c7 ct: 159d6b4c24bacaf2f5049b7863536d8f3ffede76302dace42080820fa51925d4
2a64f87b14291a3057e00a e1c72a64f87b14291a3057e00a
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: 0c29e714eb52de5b7415a1b5 nonce: 0c29e714eb52de5b7415a1b5
ct: bd24140859c99bf0055075e9c460032581dd1726d52cf980d308e9b20083ca62e700 ct: bd24140859c99bf0055075e9c460032581dd1726d52cf980d308e9b20083ca62
b17892bcf7fa82bac751d0 e700b17892bcf7fa82bac751d0
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: 0c29e714eb52de5b7415a1b3 nonce: 0c29e714eb52de5b7415a1b3
ct: 93ddd55f82e9aaaa3cfc06840575f09d80160b20538125c2549932977d1238dde812 ct: 93ddd55f82e9aaaa3cfc06840575f09d80160b20538125c2549932977d1238dd
6a4a91118faf8632f62cb8 e8126a4a91118faf8632f62cb8
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: 0c29e714eb52de5b7415a148 nonce: 0c29e714eb52de5b7415a148
ct: 377a98a3c34bf716581b05a6b3fdc257f245856384d5f2241c8840571c52f5c85c21 ct: 377a98a3c34bf716581b05a6b3fdc257f245856384d5f2241c8840571c52f5c8
138a4a81655edab8fe227d 5c21138a4a81655edab8fe227d
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: 0c29e714eb52de5b7415a0b7 nonce: 0c29e714eb52de5b7415a0b7
ct: cc161f5a179831d456d119d2f2c19a6817289c75d1c61cd37ac8a450acd9efba02e0 ct: cc161f5a179831d456d119d2f2c19a6817289c75d1c61cd37ac8a450acd9efba
ac00d128c17855931ff69a 02e0ac00d128c17855931ff69a
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-13" numbered="true" toc="default"> <section anchor="exported-values-13" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
8158bea21a6700d37022bb7802866edca30ebf2078273757b656ef7fc2e428cf 8158bea21a6700d37022bb7802866edca30ebf2078273757b656ef7fc2e428cf
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
6a348ba6e0e72bb3ef22479214a139ef8dac57be34509a61087a12565473da8d 6a348ba6e0e72bb3ef22479214a139ef8dac57be34509a61087a12565473da8d
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
2f6d4f7a18ec48de1ef4469f596aada4afdf6d79b037ed3c07e0118f8723bffc 2f6d4f7a18ec48de1ef4469f596aada4afdf6d79b037ed3c07e0118f8723bffc
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="auth-setup-information-3" numbered="true" toc="default" > <section anchor="auth-setup-information-3" numbered="true" toc="default" >
<name>Auth Setup Information</name> <name>Auth Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 2 mode: 2
kem_id: 16 kem_id: 16
kdf_id: 3 kdf_id: 3
aead_id: 1 aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 6bb031aa9197562da0b44e737db2b9e61f6c3ea1138c37de28fc37ac29bc7350 ikmE:
pkEm: 04fec59fa9f76f5d0f6c1660bb179cb314ed97953c53a60ab38f8e6ace60fd5917 6bb031aa9197562da0b44e737db2b9e61f6c3ea1138c37de28fc37ac29bc7350
8084d0dd66e0f79172992d4ddb2e91172ce24949bcebfff158dcc417f2c6e9c6 pkEm: 04fec59fa9f76f5d0f6c1660bb179cb314ed97953c53a60ab38f8e6ace60fd
skEm: 93cddd5288e7ef4884c8fe321d075df01501b993ff49ffab8184116f39b3c655 59178084d0dd66e0f79172992d4ddb2e91172ce24949bcebfff158dcc417f2c6e9c6
ikmR: 649a3f92edbb7a2516a0ade0b7dccc58a37240c4ba06f9726a952227b4adf6ff skEm:
pkRm: 04378bad519aab406e04d0e5608bcca809c02d6afd2272d4dd03e9357bd0eee8ad 93cddd5288e7ef4884c8fe321d075df01501b993ff49ffab8184116f39b3c655
f84c8deba3155c9cf9506d1d4c8bfefe3cf033a75716cc3cc07295100ec96276 ikmR:
skRm: 1ea4484be482bf25fdb2ed39e6a02ed9156b3e57dfb18dff82e4a048de990236 649a3f92edbb7a2516a0ade0b7dccc58a37240c4ba06f9726a952227b4adf6ff
ikmS: 4d79b8691aab55a7265e8490a04bb3860ed64dece90953ad0dc43a6ea59b4bf2 pkRm: 04378bad519aab406e04d0e5608bcca809c02d6afd2272d4dd03e9357bd0ee
pkSm: 0404d3c1f9fca22eb4a6d326125f0814c35593b1da8ea0d11a640730b215a259b9 e8adf84c8deba3155c9cf9506d1d4c8bfefe3cf033a75716cc3cc07295100ec96276
b98a34ad17e21617d19fe1d4fa39a4828bfdb306b729ec51c543caca3b2d9529 skRm:
skSm: 02b266d66919f7b08f42ae0e7d97af4ca98b2dae3043bb7e0740ccadc1957579 1ea4484be482bf25fdb2ed39e6a02ed9156b3e57dfb18dff82e4a048de990236
enc: 04fec59fa9f76f5d0f6c1660bb179cb314ed97953c53a60ab38f8e6ace60fd59178 ikmS:
084d0dd66e0f79172992d4ddb2e91172ce24949bcebfff158dcc417f2c6e9c6 4d79b8691aab55a7265e8490a04bb3860ed64dece90953ad0dc43a6ea59b4bf2
pkSm: 0404d3c1f9fca22eb4a6d326125f0814c35593b1da8ea0d11a640730b215a2
59b9b98a34ad17e21617d19fe1d4fa39a4828bfdb306b729ec51c543caca3b2d9529
skSm:
02b266d66919f7b08f42ae0e7d97af4ca98b2dae3043bb7e0740ccadc1957579
enc: 04fec59fa9f76f5d0f6c1660bb179cb314ed97953c53a60ab38f8e6ace60fd5
9178084d0dd66e0f79172992d4ddb2e91172ce24949bcebfff158dcc417f2c6e9c6
shared_secret: shared_secret:
1ed49f6d7ada333d171cd63861a1cb700a1ec4236755a9cd5f9f8f67a2f8e7b3 1ed49f6d7ada333d171cd63861a1cb700a1ec4236755a9cd5f9f8f67a2f8e7b3
key_schedule_context: 025b8a3617af7789ee716e7911c7e77f84cdc4cc46e60fb7e1 key_schedule_context: 025b8a3617af7789ee716e7911c7e77f84cdc4cc46e60f
9e4059f9aeadc00585e26874d1ddde76e551a7679cd47168c466f6e1f705cc9374c19277 b7e19e4059f9aeadc00585e26874d1ddde76e551a7679cd47168c466f6e1f705cc93
8a34fcd5ca221d77e229a9d11b654de7942d685069c633b2362ce3b3d8ea4891c9a2a87a 74c192778a34fcd5ca221d77e229a9d11b654de7942d685069c633b2362ce3b3d8ea
4eb7cdb289ba5e2ecbf8cd2c8498bb4a383dc021454d70d46fcbbad1252ef4f9 4891c9a2a87a4eb7cdb289ba5e2ecbf8cd2c8498bb4a383dc021454d70d46fcbbad1
secret: 9c846ba81ddbbd57bc26d99da6cf7ab956bb735ecd47fe21ed14241c70791b74 252ef4f9
84c1d06663d21a5d97bf1be70d56ab727f650c4f859c5ed3f71f8928b3c082dd secret: 9c846ba81ddbbd57bc26d99da6cf7ab956bb735ecd47fe21ed14241c7079
1b7484c1d06663d21a5d97bf1be70d56ab727f650c4f859c5ed3f71f8928b3c082dd
key: 9d4b1c83129f3de6db95faf3d539dcf1 key: 9d4b1c83129f3de6db95faf3d539dcf1
base_nonce: ea4fd7a485ee5f1f4b62c1b7 base_nonce: ea4fd7a485ee5f1f4b62c1b7
exporter_secret: ca2410672369aae1afd6c2639f4fe34ca36d35410c090608d2924f6 exporter_secret: ca2410672369aae1afd6c2639f4fe34ca36d35410c090608d29
0def17f910d7928575434d7f991b1f19d3e8358b8278ff59ced0d5eed4774cec72e12766 24f60def17f910d7928575434d7f991b1f19d3e8358b8278ff59ced0d5eed4774cec
e 72e12766e
]]></sourcecode> ]]></artwork>
<section anchor="encryptions-14" numbered="true" toc="default"> <section anchor="encryptions-14" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: ea4fd7a485ee5f1f4b62c1b7 nonce: ea4fd7a485ee5f1f4b62c1b7
ct: 2480179d880b5f458154b8bfe3c7e8732332de84aabf06fc440f6b31f169e154157f ct: 2480179d880b5f458154b8bfe3c7e8732332de84aabf06fc440f6b31f169e154
a9eb44f2fa4d7b38a9236e 157fa9eb44f2fa4d7b38a9236e
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: ea4fd7a485ee5f1f4b62c1b6 nonce: ea4fd7a485ee5f1f4b62c1b6
ct: 10cd81e3a816d29942b602a92884348171a31cbd0f042c3057c65cd93c540943a5b0 ct: 10cd81e3a816d29942b602a92884348171a31cbd0f042c3057c65cd93c540943
5115bd520c09281061935b a5b05115bd520c09281061935b
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: ea4fd7a485ee5f1f4b62c1b5 nonce: ea4fd7a485ee5f1f4b62c1b5
ct: 920743a88d8cf6a09e1a3098e8be8edd09db136e9d543f215924043af8c7410f68ce ct: 920743a88d8cf6a09e1a3098e8be8edd09db136e9d543f215924043af8c7410f
6aa64fd2b1a176e7f6b3fd 68ce6aa64fd2b1a176e7f6b3fd
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: ea4fd7a485ee5f1f4b62c1b3 nonce: ea4fd7a485ee5f1f4b62c1b3
ct: 6b11380fcc708fc8589effb5b5e0394cbd441fa5e240b5500522150ca8265d65ff55 ct: 6b11380fcc708fc8589effb5b5e0394cbd441fa5e240b5500522150ca8265d65
479405af936e2349119dcd ff55479405af936e2349119dcd
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: ea4fd7a485ee5f1f4b62c148 nonce: ea4fd7a485ee5f1f4b62c148
ct: d084eca50e7554bb97ba34c4482dfe32c9a2b7f3ab009c2d1b68ecbf97bee2d28cd9 ct: d084eca50e7554bb97ba34c4482dfe32c9a2b7f3ab009c2d1b68ecbf97bee2d2
4b6c829b96361f2701772d 8cd94b6c829b96361f2701772d
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: ea4fd7a485ee5f1f4b62c0b7 nonce: ea4fd7a485ee5f1f4b62c0b7
ct: 247da592cc4ce834a94de2c79f5730ee49342470a021e4a4bc2bb77c53b17413e94d ct: 247da592cc4ce834a94de2c79f5730ee49342470a021e4a4bc2bb77c53b17413
94f57b4fdaedcf97cfe7b1 e94d94f57b4fdaedcf97cfe7b1
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-14" numbered="true" toc="default"> <section anchor="exported-values-14" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
f03fbc82f321a0ab4840e487cb75d07aafd8e6f68485e4f7ff72b2f55ff24ad6 f03fbc82f321a0ab4840e487cb75d07aafd8e6f68485e4f7ff72b2f55ff24ad6
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
1ce0cadec0a8f060f4b5070c8f8888dcdfefc2e35819df0cd559928a11ff0891 1ce0cadec0a8f060f4b5070c8f8888dcdfefc2e35819df0cd559928a11ff0891
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
70c405c707102fd0041ea716090753be47d68d238b111d542846bd0d84ba907c 70c405c707102fd0041ea716090753be47d68d238b111d542846bd0d84ba907c
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="authpsk-setup-information-3" numbered="true" toc="defau lt"> <section anchor="authpsk-setup-information-3" numbered="true" toc="defau lt">
<name>AuthPSK Setup Information</name> <name>AuthPSK Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 3 mode: 3
kem_id: 16 kem_id: 16
kdf_id: 3 kdf_id: 3
aead_id: 1 aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 37ae06a521cd555648c928d7af58ad2aa4a85e34b8cabd069e94ad55ab872cc8 ikmE:
pkEm: 04801740f4b1b35823f7fb2930eac2efc8c4893f34ba111c0bb976e3c7d5dc0aef 37ae06a521cd555648c928d7af58ad2aa4a85e34b8cabd069e94ad55ab872cc8
5a7ef0bf4057949a140285f774f1efc53b3860936b92279a11b68395d898d138 pkEm: 04801740f4b1b35823f7fb2930eac2efc8c4893f34ba111c0bb976e3c7d5dc
skEm: 778f2254ae5d661d5c7fca8c4a7495a25bd13f26258e459159f3899df0de76c1 0aef5a7ef0bf4057949a140285f774f1efc53b3860936b92279a11b68395d898d138
ikmR: 7466024b7e2d2366c3914d7833718f13afb9e3e45bcfbb510594d614ddd9b4e7 skEm:
pkRm: 04a4ca7af2fc2cce48edbf2f1700983e927743a4e85bb5035ad562043e25d9a111 778f2254ae5d661d5c7fca8c4a7495a25bd13f26258e459159f3899df0de76c1
cbf6f7385fac55edc5c9d2ca6ed351a5643de95c36748e11dbec98730f4d43e9 ikmR:
skRm: 00510a70fde67af487c093234fc4215c1cdec09579c4b30cc8e48cb530414d0e 7466024b7e2d2366c3914d7833718f13afb9e3e45bcfbb510594d614ddd9b4e7
ikmS: ee27aaf99bf5cd8398e9de88ac09a82ac22cdb8d0905ab05c0f5fa12ba1709f3 pkRm: 04a4ca7af2fc2cce48edbf2f1700983e927743a4e85bb5035ad562043e25d9
pkSm: 04b59a4157a9720eb749c95f842a5e3e8acdccbe834426d405509ac3191e23f216 a111cbf6f7385fac55edc5c9d2ca6ed351a5643de95c36748e11dbec98730f4d43e9
5b5bb1f07a6240dd567703ae75e13182ee0f69fc102145cdb5abf681ff126d60 skRm:
skSm: d743b20821e6326f7a26684a4beed7088b35e392114480ca9f6c325079dcf10b 00510a70fde67af487c093234fc4215c1cdec09579c4b30cc8e48cb530414d0e
psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 ikmS:
ee27aaf99bf5cd8398e9de88ac09a82ac22cdb8d0905ab05c0f5fa12ba1709f3
pkSm: 04b59a4157a9720eb749c95f842a5e3e8acdccbe834426d405509ac3191e23
f2165b5bb1f07a6240dd567703ae75e13182ee0f69fc102145cdb5abf681ff126d60
skSm:
d743b20821e6326f7a26684a4beed7088b35e392114480ca9f6c325079dcf10b
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961 psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 04801740f4b1b35823f7fb2930eac2efc8c4893f34ba111c0bb976e3c7d5dc0aef5 enc: 04801740f4b1b35823f7fb2930eac2efc8c4893f34ba111c0bb976e3c7d5dc0
a7ef0bf4057949a140285f774f1efc53b3860936b92279a11b68395d898d138 aef5a7ef0bf4057949a140285f774f1efc53b3860936b92279a11b68395d898d138
shared_secret: shared_secret:
02bee8be0dda755846115db45071c0cf59c25722e015bde1c124de849c0fea52 02bee8be0dda755846115db45071c0cf59c25722e015bde1c124de849c0fea52
key_schedule_context: 03713f73042575cebfd132f0cc4338523f8eae95c80a749f7c key_schedule_context: 03713f73042575cebfd132f0cc4338523f8eae95c80a74
f3eb9436ff1c612ca62c37df27ca46d2cc162445a92c5f5fdc57bcde129ca7b1f284b0c1 9f7cf3eb9436ff1c612ca62c37df27ca46d2cc162445a92c5f5fdc57bcde129ca7b1
2297c037ca221d77e229a9d11b654de7942d685069c633b2362ce3b3d8ea4891c9a2a87a f284b0c12297c037ca221d77e229a9d11b654de7942d685069c633b2362ce3b3d8ea
4eb7cdb289ba5e2ecbf8cd2c8498bb4a383dc021454d70d46fcbbad1252ef4f9 4891c9a2a87a4eb7cdb289ba5e2ecbf8cd2c8498bb4a383dc021454d70d46fcbbad1
secret: 0f9df08908a6a3d06c8e934cd3f5313f9ebccd0986e316c0198bb48bed30dc3d 252ef4f9
b2f3baab94fd40c2c285c7288c77e2255401ee2d5884306addf4296b93c238b3 secret: 0f9df08908a6a3d06c8e934cd3f5313f9ebccd0986e316c0198bb48bed30
dc3db2f3baab94fd40c2c285c7288c77e2255401ee2d5884306addf4296b93c238b3
key: b68bb0e2fbf7431cedb46cc3b6f1fe9e key: b68bb0e2fbf7431cedb46cc3b6f1fe9e
base_nonce: 76af62719d33d39a1cb6be9f base_nonce: 76af62719d33d39a1cb6be9f
exporter_secret: 7f72308ae68c9a2b3862e686cb547b16d33d00fe482c770c4717d8b exporter_secret: 7f72308ae68c9a2b3862e686cb547b16d33d00fe482c770c471
54e9b1e547244c3602bdd86d5a788a8443befea0a7658002b23f1c96a62a64986fffc511 7d8b54e9b1e547244c3602bdd86d5a788a8443befea0a7658002b23f1c96a62a6498
a 6fffc511a
]]></sourcecode> ]]></artwork>
<section anchor="encryptions-15" numbered="true" toc="default"> <section anchor="encryptions-15" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: 76af62719d33d39a1cb6be9f nonce: 76af62719d33d39a1cb6be9f
ct: 840669634db51e28df54f189329c1b727fd303ae413f003020aff5e26276aaa910fc ct: 840669634db51e28df54f189329c1b727fd303ae413f003020aff5e26276aaa9
4296828cb9d862c2fd7d16 10fc4296828cb9d862c2fd7d16
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: 76af62719d33d39a1cb6be9e nonce: 76af62719d33d39a1cb6be9e
ct: d4680a48158d9a75fd09355878d6e33997a36ee01d4a8f22032b22373b795a941b7b ct: d4680a48158d9a75fd09355878d6e33997a36ee01d4a8f22032b22373b795a94
9c5205ff99e0ff284beef4 1b7b9c5205ff99e0ff284beef4
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: 76af62719d33d39a1cb6be9d nonce: 76af62719d33d39a1cb6be9d
ct: c45eb6597de2bac929a0f5d404ba9d2dc1ea031880930f1fd7a283f0a0cbebb35eac ct: c45eb6597de2bac929a0f5d404ba9d2dc1ea031880930f1fd7a283f0a0cbebb3
1a9ee0d1225f5e0f181571 5eac1a9ee0d1225f5e0f181571
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: 76af62719d33d39a1cb6be9b nonce: 76af62719d33d39a1cb6be9b
ct: 4ee2482ad8d7d1e9b7e651c78b6ca26d3c5314d0711710ca62c2fd8bb8996d7d8727 ct: 4ee2482ad8d7d1e9b7e651c78b6ca26d3c5314d0711710ca62c2fd8bb8996d7d
c157538d5493da696b61f8 8727c157538d5493da696b61f8
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: 76af62719d33d39a1cb6be60 nonce: 76af62719d33d39a1cb6be60
ct: 65596b731df010c76a915c6271a438056ce65696459432eeafdae7b4cadb6290dd61 ct: 65596b731df010c76a915c6271a438056ce65696459432eeafdae7b4cadb6290
e68edd4e40b659d2a8cbcc dd61e68edd4e40b659d2a8cbcc
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: 76af62719d33d39a1cb6bf9f nonce: 76af62719d33d39a1cb6bf9f
ct: 9f659482ebc52f8303f9eac75656d807ec38ce2e50c72e3078cd13d86b30e3f89069 ct: 9f659482ebc52f8303f9eac75656d807ec38ce2e50c72e3078cd13d86b30e3f8
0a873277620f8a6a42d836 90690a873277620f8a6a42d836
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-15" numbered="true" toc="default"> <section anchor="exported-values-15" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
c8c917e137a616d3d4e4c9fcd9c50202f366cb0d37862376bc79f9b72e8a8db9 c8c917e137a616d3d4e4c9fcd9c50202f366cb0d37862376bc79f9b72e8a8db9
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
33a5d4df232777008a06d0684f23bb891cfaef702f653c8601b6ad4d08dddddf 33a5d4df232777008a06d0684f23bb891cfaef702f653c8601b6ad4d08dddddf
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
bed80f2e54f1285895c4a3f3b3625e6206f78f1ed329a0cfb5864f7c139b3c6a bed80f2e54f1285895c4a3f3b3625e6206f78f1ed329a0cfb5864f7c139b3c6a
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
</section> </section>
<section anchor="dhkemp-256-hkdf-sha256-hkdf-sha256-chacha20poly1305" numb ered="true" toc="default"> <section anchor="dhkemp-256-hkdf-sha256-hkdf-sha256-chacha20poly1305" numb ered="true" toc="default">
<name>DHKEM(P-256, HKDF-SHA256), HKDF-SHA256, ChaCha20Poly1305</name> <name>DHKEM(P-256, HKDF-SHA256), HKDF-SHA256, ChaCha20Poly1305</name>
<section anchor="base-setup-information-4" numbered="true" toc="default" > <section anchor="base-setup-information-4" numbered="true" toc="default" >
<name>Base Setup Information</name> <name>Base Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 0 mode: 0
kem_id: 16 kem_id: 16
kdf_id: 1 kdf_id: 1
aead_id: 3 aead_id: 3
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: f1f1a3bc95416871539ecb51c3a8f0cf608afb40fbbe305c0a72819d35c33f1f ikmE:
pkEm: 04c07836a0206e04e31d8ae99bfd549380b072a1b1b82e563c935c095827824fc1 f1f1a3bc95416871539ecb51c3a8f0cf608afb40fbbe305c0a72819d35c33f1f
559eac6fb9e3c70cd3193968994e7fe9781aa103f5b50e934b5b2f387e381291 pkEm: 04c07836a0206e04e31d8ae99bfd549380b072a1b1b82e563c935c09582782
skEm: 7550253e1147aae48839c1f8af80d2770fb7a4c763afe7d0afa7e0f42a5b3689 4fc1559eac6fb9e3c70cd3193968994e7fe9781aa103f5b50e934b5b2f387e381291
ikmR: 61092f3f56994dd424405899154a9918353e3e008171517ad576b900ddb275e7 skEm:
pkRm: 04a697bffde9405c992883c5c439d6cc358170b51af72812333b015621dc0f40ba 7550253e1147aae48839c1f8af80d2770fb7a4c763afe7d0afa7e0f42a5b3689
d9bb726f68a5c013806a790ec716ab8669f84f6b694596c2987cf35baba2a006 ikmR:
skRm: a4d1c55836aa30f9b3fbb6ac98d338c877c2867dd3a77396d13f68d3ab150d3b 61092f3f56994dd424405899154a9918353e3e008171517ad576b900ddb275e7
enc: 04c07836a0206e04e31d8ae99bfd549380b072a1b1b82e563c935c095827824fc15 pkRm: 04a697bffde9405c992883c5c439d6cc358170b51af72812333b015621dc0f
59eac6fb9e3c70cd3193968994e7fe9781aa103f5b50e934b5b2f387e381291 40bad9bb726f68a5c013806a790ec716ab8669f84f6b694596c2987cf35baba2a006
skRm:
a4d1c55836aa30f9b3fbb6ac98d338c877c2867dd3a77396d13f68d3ab150d3b
enc: 04c07836a0206e04e31d8ae99bfd549380b072a1b1b82e563c935c095827824
fc1559eac6fb9e3c70cd3193968994e7fe9781aa103f5b50e934b5b2f387e381291
shared_secret: shared_secret:
806520f82ef0b03c823b7fc524b6b55a088f566b9751b89551c170f4113bd850 806520f82ef0b03c823b7fc524b6b55a088f566b9751b89551c170f4113bd850
key_schedule_context: 00b738cd703db7b4106e93b4621e9a19c89c838e55964240e5 key_schedule_context: 00b738cd703db7b4106e93b4621e9a19c89c838e559642
d3f331aaf8b0d58b2e986ea1c671b61cf45eec134dac0bae58ec6f63e790b1400b47c330 40e5d3f331aaf8b0d58b2e986ea1c671b61cf45eec134dac0bae58ec6f63e790b140
38b0269c 0b47c33038b0269c
secret: fe891101629aa355aad68eff3cc5170d057eca0c7573f6575e91f9783e1d4506 secret:
key: a8f45490a92a3b04d1dbf6cf2c3939ad8bfc9bfcb97c04bffe116730c9dfe3fc fe891101629aa355aad68eff3cc5170d057eca0c7573f6575e91f9783e1d4506
key:
a8f45490a92a3b04d1dbf6cf2c3939ad8bfc9bfcb97c04bffe116730c9dfe3fc
base_nonce: 726b4390ed2209809f58c693 base_nonce: 726b4390ed2209809f58c693
exporter_secret: exporter_secret:
4f9bd9b3a8db7d7c3a5b9d44fdc1f6e37d5d77689ade5ec44a7242016e6aa205 4f9bd9b3a8db7d7c3a5b9d44fdc1f6e37d5d77689ade5ec44a7242016e6aa205
]]></sourcecode> ]]></artwork>
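Review bot: `name=""` and `type=""` on the left-hand `<sourcecode>` are empty, as are `name=""`, `type=""` and `alt=""` on the right-hand `<artwork>`, so neither element tells a reader or a tool that the block holds test vectors. Give the element a meaningful `type` or drop the empty attributes. In this block the left side also keeps the `secret:` and `key:` values on the label line while `shared_secret:` and `exporter_secret:` put theirs on the following line. The right side uses the following-line layout for all four, and the left should match so that every 32-byte value can be extracted with one rule.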
<section anchor="encryptions-16" numbered="true" toc="default"> <section anchor="encryptions-16" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: 726b4390ed2209809f58c693 nonce: 726b4390ed2209809f58c693
ct: 6469c41c5c81d3aa85432531ecf6460ec945bde1eb428cb2fedf7a29f5a685b4ccb0 ct: 6469c41c5c81d3aa85432531ecf6460ec945bde1eb428cb2fedf7a29f5a685b4
d057f03ea2952a27bb458b ccb0d057f03ea2952a27bb458b
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: 726b4390ed2209809f58c692 nonce: 726b4390ed2209809f58c692
ct: f1564199f7e0e110ec9c1bcdde332177fc35c1adf6e57f8d1df24022227ffa871686 ct: f1564199f7e0e110ec9c1bcdde332177fc35c1adf6e57f8d1df24022227ffa87
2dbda2b1dc546c9d114374 16862dbda2b1dc546c9d114374
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: 726b4390ed2209809f58c691 nonce: 726b4390ed2209809f58c691
ct: 39de89728bcb774269f882af8dc5369e4f3d6322d986e872b3a8d074c7c18e8549ff ct: 39de89728bcb774269f882af8dc5369e4f3d6322d986e872b3a8d074c7c18e85
3f85b6d6592ff87c3f310c 49ff3f85b6d6592ff87c3f310c
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: 726b4390ed2209809f58c697 nonce: 726b4390ed2209809f58c697
ct: bc104a14fbede0cc79eeb826ea0476ce87b9c928c36e5e34dc9b6905d91473ec369a ct: bc104a14fbede0cc79eeb826ea0476ce87b9c928c36e5e34dc9b6905d91473ec
08b1a25d305dd45c6c5f80 369a08b1a25d305dd45c6c5f80
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: 726b4390ed2209809f58c66c nonce: 726b4390ed2209809f58c66c
ct: 8f2814a2c548b3be50259713c6724009e092d37789f6856553d61df23ebc079235f7 ct: 8f2814a2c548b3be50259713c6724009e092d37789f6856553d61df23ebc0792
10e6af3c3ca6eaba7c7c6c 35f710e6af3c3ca6eaba7c7c6c
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: 726b4390ed2209809f58c793 nonce: 726b4390ed2209809f58c793
ct: b45b69d419a9be7219d8c94365b89ad6951caf4576ea4774ea40e9b7047a09d6537d ct: b45b69d419a9be7219d8c94365b89ad6951caf4576ea4774ea40e9b7047a09d6
1aa2f7c12d6ae4b729b4d0 537d1aa2f7c12d6ae4b729b4d0
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-16" numbered="true" toc="default"> <section anchor="exported-values-16" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
9b13c510416ac977b553bf1741018809c246a695f45eff6d3b0356dbefe1e660 9b13c510416ac977b553bf1741018809c246a695f45eff6d3b0356dbefe1e660
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
6c8b7be3a20a5684edecb4253619d9051ce8583baf850e0cb53c402bdcaf8ebb 6c8b7be3a20a5684edecb4253619d9051ce8583baf850e0cb53c402bdcaf8ebb
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
477a50d804c7c51941f69b8e32fe8288386ee1a84905fe4938d58972f24ac938 477a50d804c7c51941f69b8e32fe8288386ee1a84905fe4938d58972f24ac938
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="psk-setup-information-4" numbered="true" toc="default"> <section anchor="psk-setup-information-4" numbered="true" toc="default">
<name>PSK Setup Information</name> <name>PSK Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 1 mode: 1
kem_id: 16 kem_id: 16
kdf_id: 1 kdf_id: 1
aead_id: 3 aead_id: 3
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: e1a4e1d50c4bfcf890f2b4c7d6b2d2aca61368eddc3c84162df2856843e1057a ikmE:
pkEm: 04f336578b72ad7932fe867cc4d2d44a718a318037a0ec271163699cee653fa805 e1a4e1d50c4bfcf890f2b4c7d6b2d2aca61368eddc3c84162df2856843e1057a
c1fec955e562663e0c2061bb96a87d78892bff0cc0bad7906c2d998ebe1a7246 pkEm: 04f336578b72ad7932fe867cc4d2d44a718a318037a0ec271163699cee653f
skEm: 7d6e4e006cee68af9b3fdd583a0ee8962df9d59fab029997ee3f456cbc857904 a805c1fec955e562663e0c2061bb96a87d78892bff0cc0bad7906c2d998ebe1a7246
ikmR: ee51dec304abf993ef8fd52aacdd3b539108bbf6e491943266c1de89ec596a17 skEm:
pkRm: 041eb8f4f20ab72661af369ff3231a733672fa26f385ffb959fd1bae46bfda43ad 7d6e4e006cee68af9b3fdd583a0ee8962df9d59fab029997ee3f456cbc857904
55e2d573b880831381d9367417f554ce5b2134fbba5235b44db465feffc6189e ikmR:
skRm: 12ecde2c8bc2d5d7ed2219c71f27e3943d92b344174436af833337c557c300b3 ee51dec304abf993ef8fd52aacdd3b539108bbf6e491943266c1de89ec596a17
psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 pkRm: 041eb8f4f20ab72661af369ff3231a733672fa26f385ffb959fd1bae46bfda
43ad55e2d573b880831381d9367417f554ce5b2134fbba5235b44db465feffc6189e
skRm:
12ecde2c8bc2d5d7ed2219c71f27e3943d92b344174436af833337c557c300b3
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961 psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 04f336578b72ad7932fe867cc4d2d44a718a318037a0ec271163699cee653fa805c enc: 04f336578b72ad7932fe867cc4d2d44a718a318037a0ec271163699cee653fa
1fec955e562663e0c2061bb96a87d78892bff0cc0bad7906c2d998ebe1a7246 805c1fec955e562663e0c2061bb96a87d78892bff0cc0bad7906c2d998ebe1a7246
shared_secret: shared_secret:
ac4f260dce4db6bf45435d9c92c0e11cfdd93743bd3075949975974cc2b3d79e ac4f260dce4db6bf45435d9c92c0e11cfdd93743bd3075949975974cc2b3d79e
key_schedule_context: 01622b72afcc3795841596c67ea74400ca3b029374d7d5640b key_schedule_context: 01622b72afcc3795841596c67ea74400ca3b029374d7d5
da367c5d67b3fbeb2e986ea1c671b61cf45eec134dac0bae58ec6f63e790b1400b47c330 640bda367c5d67b3fbeb2e986ea1c671b61cf45eec134dac0bae58ec6f63e790b140
38b0269c 0b47c33038b0269c
secret: 858c8087a1c056db5811e85802f375bb0c19b9983204a1575de4803575d23239 secret:
key: 6d61cb330b7771168c8619498e753f16198aad9566d1f1c6c70e2bc1a1a8b142 858c8087a1c056db5811e85802f375bb0c19b9983204a1575de4803575d23239
key:
6d61cb330b7771168c8619498e753f16198aad9566d1f1c6c70e2bc1a1a8b142
base_nonce: 0de7655fb65e1cd51a38864e base_nonce: 0de7655fb65e1cd51a38864e
exporter_secret: exporter_secret:
754ca00235b245e72d1f722a7718e7145bd113050a2aa3d89586d4cb7514bfdb 754ca00235b245e72d1f722a7718e7145bd113050a2aa3d89586d4cb7514bfdb
]]></sourcecode> ]]></artwork>
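Review bot: the opening tag of this block has an empty type="" on both sides, and the right side also carries an empty alt="", so neither the sourcecode form nor the artwork form tells an extraction tool that the CDATA holds test vectors. Settle on one element for every vector block in this appendix and give it a non-empty type, so implementers can pull the vectors out of the XML mechanically instead of copying hex by hand. The same applies to the encryptions-17 and exported-values-17 blocks that follow.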
<section anchor="encryptions-17" numbered="true" toc="default"> <section anchor="encryptions-17" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: 0de7655fb65e1cd51a38864e nonce: 0de7655fb65e1cd51a38864e
ct: 21433eaff24d7706f3ed5b9b2e709b07230e2b11df1f2b1fe07b3c70d5948a53d6fa ct: 21433eaff24d7706f3ed5b9b2e709b07230e2b11df1f2b1fe07b3c70d5948a53
5c8bed194020bd9df0877b d6fa5c8bed194020bd9df0877b
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: 0de7655fb65e1cd51a38864f nonce: 0de7655fb65e1cd51a38864f
ct: c74a764b4892072ea8c2c56b9bcd46c7f1e9ca8cb0a263f8b40c2ba59ac9c857033f ct: c74a764b4892072ea8c2c56b9bcd46c7f1e9ca8cb0a263f8b40c2ba59ac9c857
176019562218769d3e0452 033f176019562218769d3e0452
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: 0de7655fb65e1cd51a38864c nonce: 0de7655fb65e1cd51a38864c
ct: dc8cd68863474d6e9cbb6a659335a86a54e036249d41acf909e738c847ff2bd36fe3 ct: dc8cd68863474d6e9cbb6a659335a86a54e036249d41acf909e738c847ff2bd3
fcacda4ededa7032c0a220 6fe3fcacda4ededa7032c0a220
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: 0de7655fb65e1cd51a38864a nonce: 0de7655fb65e1cd51a38864a
ct: cd54a8576353b1b9df366cb0cc042e46eef6f4cf01e205fe7d47e306b2fdd90f7185 ct: cd54a8576353b1b9df366cb0cc042e46eef6f4cf01e205fe7d47e306b2fdd90f
f289a26c613ca094e3be10 7185f289a26c613ca094e3be10
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: 0de7655fb65e1cd51a3886b1 nonce: 0de7655fb65e1cd51a3886b1
ct: 6324570c9d542c70c7e70570c1d8f4c52a89484746bf0625441890ededcc80c24ef2 ct: 6324570c9d542c70c7e70570c1d8f4c52a89484746bf0625441890ededcc80c2
301c38bfd34d689d19f67d 4ef2301c38bfd34d689d19f67d
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: 0de7655fb65e1cd51a38874e nonce: 0de7655fb65e1cd51a38874e
ct: 1ea6326c8098ed0437a553c466550114fb2ca1412cca7de98709b9ccdf19206e52c3 ct: 1ea6326c8098ed0437a553c466550114fb2ca1412cca7de98709b9ccdf19206e
d39180e2cf62b3e9f4baf4 52c3d39180e2cf62b3e9f4baf4
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-17" numbered="true" toc="default"> <section anchor="exported-values-17" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
530bbc2f68f078dccc89cc371b4f4ade372c9472bafe4601a8432cbb934f528d 530bbc2f68f078dccc89cc371b4f4ade372c9472bafe4601a8432cbb934f528d
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
6e25075ddcc528c90ef9218f800ca3dfe1b8ff4042de5033133adb8bd54c401d 6e25075ddcc528c90ef9218f800ca3dfe1b8ff4042de5033133adb8bd54c401d
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
6f6fbd0d1c7733f796461b3235a856cc34f676fe61ed509dfc18fa16efe6be78 6f6fbd0d1c7733f796461b3235a856cc34f676fe61ed509dfc18fa16efe6be78
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="auth-setup-information-4" numbered="true" toc="default" > <section anchor="auth-setup-information-4" numbered="true" toc="default" >
<name>Auth Setup Information</name> <name>Auth Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 2 mode: 2
kem_id: 16 kem_id: 16
kdf_id: 1 kdf_id: 1
aead_id: 3 aead_id: 3
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 0ecd212019008138a31f9104d5dba76b9f8e34d5b996041fff9e3df221dd0d5d ikmE:
pkEm: 040d5176aedba55bc41709261e9195c5146bb62d783031280775f32e507d79b5cb 0ecd212019008138a31f9104d5dba76b9f8e34d5b996041fff9e3df221dd0d5d
c5748b6be6359760c73cfe10ca19521af704ca6d91ff32fc0739527b9385d415 pkEm: 040d5176aedba55bc41709261e9195c5146bb62d783031280775f32e507d79
skEm: 085fd5d5e6ce6497c79df960cac93710006b76217d8bcfafbd2bb2c20ea03c42 b5cbc5748b6be6359760c73cfe10ca19521af704ca6d91ff32fc0739527b9385d415
ikmR: d32236d8378b9563840653789eb7bc33c3c720e537391727bf1c812d0eac110f skEm:
pkRm: 0444f6ee41818d9fe0f8265bffd016b7e2dd3964d610d0f7514244a60dbb7a11ec 085fd5d5e6ce6497c79df960cac93710006b76217d8bcfafbd2bb2c20ea03c42
e876bb110a97a2ac6a9542d7344bf7d2bd59345e3e75e497f7416cf38d296233 ikmR:
skRm: 3cb2c125b8c5a81d165a333048f5dcae29a2ab2072625adad66dbb0f48689af9 d32236d8378b9563840653789eb7bc33c3c720e537391727bf1c812d0eac110f
ikmS: 0e6be0851283f9327295fd49858a8c8908ea9783212945eef6c598ee0a3cedbb pkRm: 0444f6ee41818d9fe0f8265bffd016b7e2dd3964d610d0f7514244a60dbb7a
pkSm: 04265529a04d4f46ab6fa3af4943774a9f1127821656a75a35fade898a9a1b014f 11ece876bb110a97a2ac6a9542d7344bf7d2bd59345e3e75e497f7416cf38d296233
64d874e88cddb24c1c3d79004d3a587db67670ca357ff4fba7e8b56ec013b98b skRm:
skSm: 39b19402e742d48d319d24d68e494daa4492817342e593285944830320912519 3cb2c125b8c5a81d165a333048f5dcae29a2ab2072625adad66dbb0f48689af9
enc: 040d5176aedba55bc41709261e9195c5146bb62d783031280775f32e507d79b5cbc ikmS:
5748b6be6359760c73cfe10ca19521af704ca6d91ff32fc0739527b9385d415 0e6be0851283f9327295fd49858a8c8908ea9783212945eef6c598ee0a3cedbb
pkSm: 04265529a04d4f46ab6fa3af4943774a9f1127821656a75a35fade898a9a1b
014f64d874e88cddb24c1c3d79004d3a587db67670ca357ff4fba7e8b56ec013b98b
skSm:
39b19402e742d48d319d24d68e494daa4492817342e593285944830320912519
enc: 040d5176aedba55bc41709261e9195c5146bb62d783031280775f32e507d79b
5cbc5748b6be6359760c73cfe10ca19521af704ca6d91ff32fc0739527b9385d415
shared_secret: shared_secret:
1a45aa4792f4b166bfee7eeab0096c1a6e497480e2261b2a59aad12f2768d469 1a45aa4792f4b166bfee7eeab0096c1a6e497480e2261b2a59aad12f2768d469
key_schedule_context: 02b738cd703db7b4106e93b4621e9a19c89c838e55964240e5 key_schedule_context: 02b738cd703db7b4106e93b4621e9a19c89c838e559642
d3f331aaf8b0d58b2e986ea1c671b61cf45eec134dac0bae58ec6f63e790b1400b47c330 40e5d3f331aaf8b0d58b2e986ea1c671b61cf45eec134dac0bae58ec6f63e790b140
38b0269c 0b47c33038b0269c
secret: 9193210815b87a4c5496c9d73e609a6c92665b5ea0d760866294906d089ebb57 secret:
key: cf292f8a4313280a462ce55cde05b5aa5744fe4ca89a5d81b0146a5eaca8092d 9193210815b87a4c5496c9d73e609a6c92665b5ea0d760866294906d089ebb57
key:
cf292f8a4313280a462ce55cde05b5aa5744fe4ca89a5d81b0146a5eaca8092d
base_nonce: 7e45c21e20e869ae00492123 base_nonce: 7e45c21e20e869ae00492123
exporter_secret: exporter_secret:
dba6e307f71769ba11e2c687cc19592f9d436da0c81e772d7a8a9fd28e54355f dba6e307f71769ba11e2c687cc19592f9d436da0c81e772d7a8a9fd28e54355f
]]></sourcecode> ]]></artwork>
<section anchor="encryptions-18" numbered="true" toc="default"> <section anchor="encryptions-18" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: 7e45c21e20e869ae00492123 nonce: 7e45c21e20e869ae00492123
ct: 25881f219935eec5ba70d7b421f13c35005734f3e4d959680270f55d71e2f5cb3bd2 ct: 25881f219935eec5ba70d7b421f13c35005734f3e4d959680270f55d71e2f5cb
daced2770bf3d9d4916872 3bd2daced2770bf3d9d4916872
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: 7e45c21e20e869ae00492122 nonce: 7e45c21e20e869ae00492122
ct: 653f0036e52a376f5d2dd85b3204b55455b7835c231255ae098d09ed138719b97185 ct: 653f0036e52a376f5d2dd85b3204b55455b7835c231255ae098d09ed138719b9
129786338ab6543f753193 7185129786338ab6543f753193
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: 7e45c21e20e869ae00492121 nonce: 7e45c21e20e869ae00492121
ct: 60878706117f22180c788e62df6a595bc41906096a11a9513e84f0141e43239e81a9 ct: 60878706117f22180c788e62df6a595bc41906096a11a9513e84f0141e43239e
8d7a235abc64112fcb8ddd 81a98d7a235abc64112fcb8ddd
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: 7e45c21e20e869ae00492127 nonce: 7e45c21e20e869ae00492127
ct: 0f9094dd08240b5fa7a388b824d19d5b4b1e126cebfd67a062c32f9ba9f1f3866cc3 ct: 0f9094dd08240b5fa7a388b824d19d5b4b1e126cebfd67a062c32f9ba9f1f386
8de7df2702626e2ab65c0f 6cc38de7df2702626e2ab65c0f
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: 7e45c21e20e869ae004921dc nonce: 7e45c21e20e869ae004921dc
ct: dd29319e08135c5f8401d6537a364e92172c0e3f095f3fd18923881d11c0a6839345 ct: dd29319e08135c5f8401d6537a364e92172c0e3f095f3fd18923881d11c0a683
dd0b54acd0edd8f8344792 9345dd0b54acd0edd8f8344792
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: 7e45c21e20e869ae00492023 nonce: 7e45c21e20e869ae00492023
ct: e2276ec5047bc4b6ed57d6da7da2fb47a77502f0a30f17d040247c73da336d722bc6 ct: e2276ec5047bc4b6ed57d6da7da2fb47a77502f0a30f17d040247c73da336d72
c89adf68396a0912c6d152 2bc6c89adf68396a0912c6d152
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-18" numbered="true" toc="default"> <section anchor="exported-values-18" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
56c4d6c1d3a46c70fd8f4ecda5d27c70886e348efb51bd5edeaa39ff6ce34389 56c4d6c1d3a46c70fd8f4ecda5d27c70886e348efb51bd5edeaa39ff6ce34389
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
d2d3e48ed76832b6b3f28fa84be5f11f09533c0e3c71825a34fb0f1320891b51 d2d3e48ed76832b6b3f28fa84be5f11f09533c0e3c71825a34fb0f1320891b51
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
eb0d312b6263995b4c7761e64b688c215ffd6043ff3bad2368c862784cbe6eff eb0d312b6263995b4c7761e64b688c215ffd6043ff3bad2368c862784cbe6eff
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="authpsk-setup-information-4" numbered="true" toc="defau lt"> <section anchor="authpsk-setup-information-4" numbered="true" toc="defau lt">
<name>AuthPSK Setup Information</name> <name>AuthPSK Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 3 mode: 3
kem_id: 16 kem_id: 16
kdf_id: 1 kdf_id: 1
aead_id: 3 aead_id: 3
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: f3a07f194703e321ef1f753a1b9fe27a498dfdfa309151d70bedd896c239c499 ikmE:
pkEm: 043539917ee26f8ae0aa5f784a387981b13de33124a3cde88b94672030183110f3 f3a07f194703e321ef1f753a1b9fe27a498dfdfa309151d70bedd896c239c499
31400115855808244ff0c5b6ca6104483ac95724481d41bdcd9f15b430ad16f6 pkEm: 043539917ee26f8ae0aa5f784a387981b13de33124a3cde88b946720301831
skEm: 11b7e4de2d919240616a31ab14944cced79bc2372108bb98f6792e3b645fe546 10f331400115855808244ff0c5b6ca6104483ac95724481d41bdcd9f15b430ad16f6
ikmR: 1240e55a0a03548d7f963ef783b6a7362cb505e6b31dfd04c81d9b294543bfbd skEm:
pkRm: 04d383fd920c42d018b9d57fd73a01f1eee480008923f67d35169478e55d2e8817 11b7e4de2d919240616a31ab14944cced79bc2372108bb98f6792e3b645fe546
068daf62a06b10e0aad4a9e429fa7f904481be96b79a9c231a33e956c20b81b6 ikmR:
skRm: c29fc577b7e74d525c0043f1c27540a1248e4f2c8d297298e99010a92e94865c 1240e55a0a03548d7f963ef783b6a7362cb505e6b31dfd04c81d9b294543bfbd
ikmS: ce2a0387a2eb8870a3a92c34a2975f0f3f271af4384d446c7dc1524a6c6c515a pkRm: 04d383fd920c42d018b9d57fd73a01f1eee480008923f67d35169478e55d2e
pkSm: 0492cf8c9b144b742fe5a63d9a181a19d416f3ec8705f24308ad316564823c344e 8817068daf62a06b10e0aad4a9e429fa7f904481be96b79a9c231a33e956c20b81b6
018bd7c03a33c926bb271b28ef5bf28c0ca00abff249fee5ef7f33315ff34fdb skRm:
skSm: 53541bd995f874a67f8bfd8038afa67fd68876801f42ff47d0dc2a4deea067ae c29fc577b7e74d525c0043f1c27540a1248e4f2c8d297298e99010a92e94865c
psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 ikmS:
ce2a0387a2eb8870a3a92c34a2975f0f3f271af4384d446c7dc1524a6c6c515a
pkSm: 0492cf8c9b144b742fe5a63d9a181a19d416f3ec8705f24308ad316564823c
344e018bd7c03a33c926bb271b28ef5bf28c0ca00abff249fee5ef7f33315ff34fdb
skSm:
53541bd995f874a67f8bfd8038afa67fd68876801f42ff47d0dc2a4deea067ae
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961 psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 043539917ee26f8ae0aa5f784a387981b13de33124a3cde88b94672030183110f33 enc: 043539917ee26f8ae0aa5f784a387981b13de33124a3cde88b9467203018311
1400115855808244ff0c5b6ca6104483ac95724481d41bdcd9f15b430ad16f6 0f331400115855808244ff0c5b6ca6104483ac95724481d41bdcd9f15b430ad16f6
shared_secret: shared_secret:
87584311791036a3019bc36803cdd42e9a8931a98b13c88835f2f8a9036a4fd6 87584311791036a3019bc36803cdd42e9a8931a98b13c88835f2f8a9036a4fd6
key_schedule_context: 03622b72afcc3795841596c67ea74400ca3b029374d7d5640b key_schedule_context: 03622b72afcc3795841596c67ea74400ca3b029374d7d5
da367c5d67b3fbeb2e986ea1c671b61cf45eec134dac0bae58ec6f63e790b1400b47c330 640bda367c5d67b3fbeb2e986ea1c671b61cf45eec134dac0bae58ec6f63e790b140
38b0269c 0b47c33038b0269c
secret: fe52b4412590e825ea2603fa88e145b2ee014b942a774b55fab4f081301f16f4 secret:
key: 31e140c8856941315d4067239fdc4ebe077fbf45a6fc78a61e7a6c8b3bacb10a fe52b4412590e825ea2603fa88e145b2ee014b942a774b55fab4f081301f16f4
key:
31e140c8856941315d4067239fdc4ebe077fbf45a6fc78a61e7a6c8b3bacb10a
base_nonce: 75838a8010d2e4760254dd56 base_nonce: 75838a8010d2e4760254dd56
exporter_secret: exporter_secret:
600895965755db9c5027f25f039a6e3e506c35b3b7084ce33c4a48d59ee1f0e3 600895965755db9c5027f25f039a6e3e506c35b3b7084ce33c4a48d59ee1f0e3
]]></sourcecode> ]]></artwork>
<section anchor="encryptions-19" numbered="true" toc="default"> <section anchor="encryptions-19" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: 75838a8010d2e4760254dd56 nonce: 75838a8010d2e4760254dd56
ct: 9eadfa0f954835e7e920ffe56dec6b31a046271cf71fdda55db72926e1d8fae94cc6 ct: 9eadfa0f954835e7e920ffe56dec6b31a046271cf71fdda55db72926e1d8fae9
280fcfabd8db71eaa65c05 4cc6280fcfabd8db71eaa65c05
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: 75838a8010d2e4760254dd57 nonce: 75838a8010d2e4760254dd57
ct: e357ad10d75240224d4095c9f6150a2ed2179c0f878e4f2db8ca95d365d174d059ff ct: e357ad10d75240224d4095c9f6150a2ed2179c0f878e4f2db8ca95d365d174d0
8c3eb38ea9a65cfc8eaeb8 59ff8c3eb38ea9a65cfc8eaeb8
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: 75838a8010d2e4760254dd54 nonce: 75838a8010d2e4760254dd54
ct: 2fa56d00f8dd479d67a2ec3308325cf3bbccaf102a64ffccdb006bd7dcb932685b9a ct: 2fa56d00f8dd479d67a2ec3308325cf3bbccaf102a64ffccdb006bd7dcb93268
7b49cdc094a85fec1da5ef 5b9a7b49cdc094a85fec1da5ef
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: 75838a8010d2e4760254dd52 nonce: 75838a8010d2e4760254dd52
ct: 1fe9d6db14965003ed81a39abf240f9cd7c5a454bca0d69ef9a2de16d537364fbbf1 ct: 1fe9d6db14965003ed81a39abf240f9cd7c5a454bca0d69ef9a2de16d537364f
10b9ef11fa4a7a0172f0ce bbf110b9ef11fa4a7a0172f0ce
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: 75838a8010d2e4760254dda9 nonce: 75838a8010d2e4760254dda9
ct: eaf4041a5c9122b22d1f8d698eeffe45d64b4ae33d0ddca3a4cdf4a5f595acc95a1a ct: eaf4041a5c9122b22d1f8d698eeffe45d64b4ae33d0ddca3a4cdf4a5f595acc9
9334d06cc4d000df6aaad6 5a1a9334d06cc4d000df6aaad6
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: 75838a8010d2e4760254dc56 nonce: 75838a8010d2e4760254dc56
ct: fb857f4185ce5286c1a52431867537204963ea66a3eee8d2a74419fd8751faee066d ct: fb857f4185ce5286c1a52431867537204963ea66a3eee8d2a74419fd8751faee
08277ac7880473aa4143ba 066d08277ac7880473aa4143ba
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-19" numbered="true" toc="default"> <section anchor="exported-values-19" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
c52b4592cd33dd38b2a3613108ddda28dcf7f03d30f2a09703f758bfa8029c9a c52b4592cd33dd38b2a3613108ddda28dcf7f03d30f2a09703f758bfa8029c9a
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
2f03bebc577e5729e148554991787222b5c2a02b77e9b1ac380541f710e5a318 2f03bebc577e5729e148554991787222b5c2a02b77e9b1ac380541f710e5a318
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
e01dd49e8bfc3d9216abc1be832f0418adf8b47a7b5a330a7436c31e33d765d7 e01dd49e8bfc3d9216abc1be832f0418adf8b47a7b5a330a7436c31e33d765d7
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
</section> </section>
<section anchor="dhkemp-521-hkdf-sha512-hkdf-sha512-aes-256-gcm" numbered= "true" toc="default"> <section anchor="dhkemp-521-hkdf-sha512-hkdf-sha512-aes-256-gcm" numbered= "true" toc="default">
<name>DHKEM(P-521, HKDF-SHA512), HKDF-SHA512, AES-256-GCM</name> <name>DHKEM(P-521, HKDF-SHA512), HKDF-SHA512, AES-256-GCM</name>
<section anchor="base-setup-information-5" numbered="true" toc="default" > <section anchor="base-setup-information-5" numbered="true" toc="default" >
<name>Base Setup Information</name> <name>Base Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 0 mode: 0
kem_id: 18 kem_id: 18
kdf_id: 3 kdf_id: 3
aead_id: 2 aead_id: 2
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 7f06ab8215105fc46aceeb2e3dc5028b44364f960426eb0d8e4026c2f8b5d7e7a9 ikmE: 7f06ab8215105fc46aceeb2e3dc5028b44364f960426eb0d8e4026c2f8b5d7
86688f1591abf5ab753c357a5d6f0440414b4ed4ede71317772ac98d9239f70904 e7a986688f1591abf5ab753c357a5d6f0440414b4ed4ede71317772ac98d9239f709
pkEm: 040138b385ca16bb0d5fa0c0665fbbd7e69e3ee29f63991d3e9b5fa740aab8900a 04
aeed46ed73a49055758425a0ce36507c54b29cc5b85a5cee6bae0cf1c21f2731ece2013d pkEm: 040138b385ca16bb0d5fa0c0665fbbd7e69e3ee29f63991d3e9b5fa740aab8
c3fb7c8d21654bb161b463962ca19e8c654ff24c94dd2898de12051f1ed0692237fb02b2 900aaeed46ed73a49055758425a0ce36507c54b29cc5b85a5cee6bae0cf1c21f2731
f8d1dc1c73e9b366b529eb436e98a996ee522aef863dd5739d2f29b0 ece2013dc3fb7c8d21654bb161b463962ca19e8c654ff24c94dd2898de12051f1ed0
skEm: 014784c692da35df6ecde98ee43ac425dbdd0969c0c72b42f2e708ab9d535415a8 692237fb02b2f8d1dc1c73e9b366b529eb436e98a996ee522aef863dd5739d2f29b0
569bdacfcc0a114c85b8e3f26acf4d68115f8c91a66178cdbd03b7bcc5291e374b skEm: 014784c692da35df6ecde98ee43ac425dbdd0969c0c72b42f2e708ab9d5354
ikmR: 2ad954bbe39b7122529f7dde780bff626cd97f850d0784a432784e69d86eccaade 15a8569bdacfcc0a114c85b8e3f26acf4d68115f8c91a66178cdbd03b7bcc5291e37
43b6c10a8ffdb94bf943c6da479db137914ec835a7e715e36e45e29b587bab3bf1 4b
pkRm: 0401b45498c1714e2dce167d3caf162e45e0642afc7ed435df7902ccae0e84ba0f ikmR: 2ad954bbe39b7122529f7dde780bff626cd97f850d0784a432784e69d86ecc
7d373f646b7738bbbdca11ed91bdeae3cdcba3301f2457be452f271fa6837580e661012a aade43b6c10a8ffdb94bf943c6da479db137914ec835a7e715e36e45e29b587bab3b
f49583a62e48d44bed350c7118c0d8dc861c238c72a2bda17f64704f464b57338e7f40b6 f1
0959480c0e58e6559b190d81663ed816e523b6b6a418f66d2451ec64 pkRm: 0401b45498c1714e2dce167d3caf162e45e0642afc7ed435df7902ccae0e84
skRm: 01462680369ae375e4b3791070a7458ed527842f6a98a79ff5e0d4cbde83c27196 ba0f7d373f646b7738bbbdca11ed91bdeae3cdcba3301f2457be452f271fa6837580
a3916956655523a6a2556a7af62c5cadabe2ef9da3760bb21e005202f7b2462847 e661012af49583a62e48d44bed350c7118c0d8dc861c238c72a2bda17f64704f464b
enc: 040138b385ca16bb0d5fa0c0665fbbd7e69e3ee29f63991d3e9b5fa740aab8900aa 57338e7f40b60959480c0e58e6559b190d81663ed816e523b6b6a418f66d2451ec64
eed46ed73a49055758425a0ce36507c54b29cc5b85a5cee6bae0cf1c21f2731ece2013dc skRm: 01462680369ae375e4b3791070a7458ed527842f6a98a79ff5e0d4cbde83c2
3fb7c8d21654bb161b463962ca19e8c654ff24c94dd2898de12051f1ed0692237fb02b2f 7196a3916956655523a6a2556a7af62c5cadabe2ef9da3760bb21e005202f7b24628
8d1dc1c73e9b366b529eb436e98a996ee522aef863dd5739d2f29b0 47
shared_secret: 776ab421302f6eff7d7cb5cb1adaea0cd50872c71c2d63c30c4f1d5e4 enc: 040138b385ca16bb0d5fa0c0665fbbd7e69e3ee29f63991d3e9b5fa740aab89
3653336fef33b103c67e7a98add2d3b66e2fda95b5b2a667aa9dac7e59cc1d46d30e818 00aaeed46ed73a49055758425a0ce36507c54b29cc5b85a5cee6bae0cf1c21f2731e
key_schedule_context: 0083a27c5b2358ab4dae1b2f5d8f57f10ccccc822a473326f5 ce2013dc3fb7c8d21654bb161b463962ca19e8c654ff24c94dd2898de12051f1ed06
43f239a70aee46347324e84e02d7651a10d08fb3dda739d22d50c53fbfa8122baacd0f9a 92237fb02b2f8d1dc1c73e9b366b529eb436e98a996ee522aef863dd5739d2f29b0
e5913072ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d6775308c3d3faa75d shared_secret: 776ab421302f6eff7d7cb5cb1adaea0cd50872c71c2d63c30c4f1
d64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692e85b09a4 d5e43653336fef33b103c67e7a98add2d3b66e2fda95b5b2a667aa9dac7e59cc1d46
secret: 49fd9f53b0f93732555b2054edfdc0e3101000d75df714b98ce5aa295a37f1b1 d30e818
8dfa86a1c37286d805d3ea09a20b72f93c21e83955a1f01eb7c5eead563d21e7 key_schedule_context: 0083a27c5b2358ab4dae1b2f5d8f57f10ccccc822a4733
key: 751e346ce8f0ddb2305c8a2a85c70d5cf559c53093656be636b9406d4d7d1b70 26f543f239a70aee46347324e84e02d7651a10d08fb3dda739d22d50c53fbfa8122b
aacd0f9ae5913072ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d67753
08c3d3faa75dd64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692
e85b09a4
secret: 49fd9f53b0f93732555b2054edfdc0e3101000d75df714b98ce5aa295a37
f1b18dfa86a1c37286d805d3ea09a20b72f93c21e83955a1f01eb7c5eead563d21e7
key:
751e346ce8f0ddb2305c8a2a85c70d5cf559c53093656be636b9406d4d7d1b70
base_nonce: 55ff7a7d739c69f44b25447b base_nonce: 55ff7a7d739c69f44b25447b
exporter_secret: e4ff9dfbc732a2b9c75823763c5ccc954a2c0648fc6de80a5858125 exporter_secret: e4ff9dfbc732a2b9c75823763c5ccc954a2c0648fc6de80a585
2d0ee3215388a4455e69086b50b87eb28c169a52f42e71de4ca61c920e7bd24c95cc3f99 81252d0ee3215388a4455e69086b50b87eb28c169a52f42e71de4ca61c920e7bd24c
2 95cc3f992
]]></sourcecode> ]]></artwork>
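Review bot: several wrapped values in this block break in the middle of a byte on both sides, for example enc and shared_secret, whose first lines hold an odd number of hex digits, and exporter_secret, which ends in a lone "2" on the left. A reader or script that hex-decodes line by line will fail or misalign on these, so the value has to be joined across lines before decoding. Wrap on an even number of hex digits, and consider starting every long value on its own line after the label, as the right side already does for key: in this block, so the break points do not depend on the label length.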
<section anchor="encryptions-20" numbered="true" toc="default"> <section anchor="encryptions-20" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: 55ff7a7d739c69f44b25447b nonce: 55ff7a7d739c69f44b25447b
ct: 170f8beddfe949b75ef9c387e201baf4132fa7374593dfafa90768788b7b2b200aaf ct: 170f8beddfe949b75ef9c387e201baf4132fa7374593dfafa90768788b7b2b20
cc6d80ea4c795a7c5b841a 0aafcc6d80ea4c795a7c5b841a
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: 55ff7a7d739c69f44b25447a nonce: 55ff7a7d739c69f44b25447a
ct: d9ee248e220ca24ac00bbbe7e221a832e4f7fa64c4fbab3945b6f3af0c5ecd5e1681 ct: d9ee248e220ca24ac00bbbe7e221a832e4f7fa64c4fbab3945b6f3af0c5ecd5e
5b328be4954a05fd352256 16815b328be4954a05fd352256
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: 55ff7a7d739c69f44b254479 nonce: 55ff7a7d739c69f44b254479
ct: 142cf1e02d1f58d9285f2af7dcfa44f7c3f2d15c73d460c48c6e0e506a3144bae352 ct: 142cf1e02d1f58d9285f2af7dcfa44f7c3f2d15c73d460c48c6e0e506a3144ba
84e7e221105b61d24e1c7a e35284e7e221105b61d24e1c7a
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: 55ff7a7d739c69f44b25447f nonce: 55ff7a7d739c69f44b25447f
ct: 3bb3a5a07100e5a12805327bf3b152df728b1c1be75a9fd2cb2bf5eac0cca1fb80ad ct: 3bb3a5a07100e5a12805327bf3b152df728b1c1be75a9fd2cb2bf5eac0cca1fb
db37eb2a32938c7268e3e5 80addb37eb2a32938c7268e3e5
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: 55ff7a7d739c69f44b254484 nonce: 55ff7a7d739c69f44b254484
ct: 4f268d0930f8d50b8fd9d0f26657ba25b5cb08b308c92e33382f369c768b558e113a ct: 4f268d0930f8d50b8fd9d0f26657ba25b5cb08b308c92e33382f369c768b558e
c95a4c70dd60909ad1adc7 113ac95a4c70dd60909ad1adc7
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: 55ff7a7d739c69f44b25457b nonce: 55ff7a7d739c69f44b25457b
ct: dbbfc44ae037864e75f136e8b4b4123351d480e6619ae0e0ae437f036f2f8f1ef677 ct: dbbfc44ae037864e75f136e8b4b4123351d480e6619ae0e0ae437f036f2f8f1e
686323977a1ccbb4b4f16a f677686323977a1ccbb4b4f16a
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-20" numbered="true" toc="default"> <section anchor="exported-values-20" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
05e2e5bd9f0c30832b80a279ff211cc65eceb0d97001524085d609ead60d0412 05e2e5bd9f0c30832b80a279ff211cc65eceb0d97001524085d609ead60d0412
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
fca69744bb537f5b7a1596dbf34eaa8d84bf2e3ee7f1a155d41bd3624aa92b63 fca69744bb537f5b7a1596dbf34eaa8d84bf2e3ee7f1a155d41bd3624aa92b63
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
f389beaac6fcf6c0d9376e20f97e364f0609a88f1bc76d7328e9104df8477013 f389beaac6fcf6c0d9376e20f97e364f0609a88f1bc76d7328e9104df8477013
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="psk-setup-information-5" numbered="true" toc="default"> <section anchor="psk-setup-information-5" numbered="true" toc="default">
<name>PSK Setup Information</name> <name>PSK Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 1 mode: 1
kem_id: 18 kem_id: 18
kdf_id: 3 kdf_id: 3
aead_id: 2 aead_id: 2
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: f3ebfa9a69a924e672114fcd9e06fa9559e937f7eccce4181a2b506df53dbe514b ikmE: f3ebfa9a69a924e672114fcd9e06fa9559e937f7eccce4181a2b506df53dbe
e12f094bb28e01de19dd345b4f7ede5ad7eaa6b9c3019592ec68eaae9a14732ce0 514be12f094bb28e01de19dd345b4f7ede5ad7eaa6b9c3019592ec68eaae9a14732c
pkEm: 040085eff0835cc84351f32471d32aa453cdc1f6418eaaecf1c2824210eb1d48d0 e0
768b368110fab21407c324b8bb4bec63f042cfa4d0868d19b760eb4beba1bff793b30036 pkEm: 040085eff0835cc84351f32471d32aa453cdc1f6418eaaecf1c2824210eb1d
d2c614d55730bd2a40c718f9466faf4d5f8170d22b6df98dfe0c067d02b349ae4a142e0c 48d0768b368110fab21407c324b8bb4bec63f042cfa4d0868d19b760eb4beba1bff7
03418f0a1479ff78a3db07ae2c2e89e5840f712c174ba2118e90fdcb 93b30036d2c614d55730bd2a40c718f9466faf4d5f8170d22b6df98dfe0c067d02b3
skEm: 012e5cfe0daf5fe2a1cd617f4c4bae7c86f1f527b3207f115e262a98cc65268ec8 49ae4a142e0c03418f0a1479ff78a3db07ae2c2e89e5840f712c174ba2118e90fdcb
8cb8645aec73b7aa0a472d0292502d1078e762646e0c093cf873243d12c39915f6 skEm: 012e5cfe0daf5fe2a1cd617f4c4bae7c86f1f527b3207f115e262a98cc6526
ikmR: a2a2458705e278e574f835effecd18232f8a4c459e7550a09d44348ae5d3b1ea9d 8ec88cb8645aec73b7aa0a472d0292502d1078e762646e0c093cf873243d12c39915
95c51995e657ad6f7cae659f5e186126a471c017f8f5e41da9eba74d4e0473e179 f6
pkRm: 04006917e049a2be7e1482759fb067ddb94e9c4f7f5976f655088dec45246614ff ikmR: a2a2458705e278e574f835effecd18232f8a4c459e7550a09d44348ae5d3b1
924ed3b385fc2986c0ecc39d14f907bf837d7306aada59dd5889086125ecd038ead40060 ea9d95c51995e657ad6f7cae659f5e186126a471c017f8f5e41da9eba74d4e0473e1
3394b5d81f89ebfd556a898cc1d6a027e143d199d3db845cb91c5289fb26c5ff80832935 79
b0e8dd08d37c6185a6f77683347e472d1edb6daa6bd7652fea628fae pkRm: 04006917e049a2be7e1482759fb067ddb94e9c4f7f5976f655088dec452466
skRm: 011bafd9c7a52e3e71afbdab0d2f31b03d998a0dc875dd7555c63560e142bde264 14ff924ed3b385fc2986c0ecc39d14f907bf837d7306aada59dd5889086125ecd038
428de03379863b4ec6138f813fa009927dc5d15f62314c56d4e7ff2b485753eb72 ead400603394b5d81f89ebfd556a898cc1d6a027e143d199d3db845cb91c5289fb26
psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 c5ff80832935b0e8dd08d37c6185a6f77683347e472d1edb6daa6bd7652fea628fae
skRm: 011bafd9c7a52e3e71afbdab0d2f31b03d998a0dc875dd7555c63560e142bd
e264428de03379863b4ec6138f813fa009927dc5d15f62314c56d4e7ff2b485753eb
72
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961 psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 040085eff0835cc84351f32471d32aa453cdc1f6418eaaecf1c2824210eb1d48d07 enc: 040085eff0835cc84351f32471d32aa453cdc1f6418eaaecf1c2824210eb1d4
68b368110fab21407c324b8bb4bec63f042cfa4d0868d19b760eb4beba1bff793b30036d 8d0768b368110fab21407c324b8bb4bec63f042cfa4d0868d19b760eb4beba1bff79
2c614d55730bd2a40c718f9466faf4d5f8170d22b6df98dfe0c067d02b349ae4a142e0c0 3b30036d2c614d55730bd2a40c718f9466faf4d5f8170d22b6df98dfe0c067d02b34
3418f0a1479ff78a3db07ae2c2e89e5840f712c174ba2118e90fdcb 9ae4a142e0c03418f0a1479ff78a3db07ae2c2e89e5840f712c174ba2118e90fdcb
shared_secret: 0d52de997fdaa4797720e8b1bebd3df3d03c4cf38cc8c1398168d36c3 shared_secret: 0d52de997fdaa4797720e8b1bebd3df3d03c4cf38cc8c1398168d
fc7626428c9c254dd3f9274450909c64a5b3acbe45e2d850a2fd69ac0605fe5c8a057a5 36c3fc7626428c9c254dd3f9274450909c64a5b3acbe45e2d850a2fd69ac0605fe5c
key_schedule_context: 0124497637cf18d6fbcc16e9f652f00244c981726f293bb781 8a057a5
9861e85e50c94f0be30e022ab081e18e6f299fd3d3d976a4bc590f85bc7711bfce32ee1a key_schedule_context: 0124497637cf18d6fbcc16e9f652f00244c981726f293b
7fb1c154ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d6775308c3d3faa75d b7819861e85e50c94f0be30e022ab081e18e6f299fd3d3d976a4bc590f85bc7711bf
d64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692e85b09a4 ce32ee1a7fb1c154ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d67753
secret: 2cf425e26f65526afc0634a3dba4e28d980c1015130ce07c2ac7530d7a391a75 08c3d3faa75dd64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692
e5a0db428b09f27ad4d975b4ad1e7f85800e03ffeea35e8cf3fe67b18d4a1345 e85b09a4
key: f764a5a4b17e5d1ffba6e699d65560497ebaea6eb0b0d9010a6d979e298a39ff secret: 2cf425e26f65526afc0634a3dba4e28d980c1015130ce07c2ac7530d7a39
1a75e5a0db428b09f27ad4d975b4ad1e7f85800e03ffeea35e8cf3fe67b18d4a1345
key:
f764a5a4b17e5d1ffba6e699d65560497ebaea6eb0b0d9010a6d979e298a39ff
base_nonce: 479afdf3546ddba3a9841f38 base_nonce: 479afdf3546ddba3a9841f38
exporter_secret: 5c3d4b65a13570502b93095ef196c42c8211a4a188c4590d3586366 exporter_secret: 5c3d4b65a13570502b93095ef196c42c8211a4a188c4590d358
5c705bb140ecba6ce9256be3fad35b4378d41643867454612adfd0542a684b61799bf293 63665c705bb140ecba6ce9256be3fad35b4378d41643867454612adfd0542a684b61
f 799bf293f
]]></sourcecode> ]]></artwork>
<section anchor="encryptions-21" numbered="true" toc="default"> <section anchor="encryptions-21" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: 479afdf3546ddba3a9841f38 nonce: 479afdf3546ddba3a9841f38
ct: de69e9d943a5d0b70be3359a19f317bd9aca4a2ebb4332a39bcdfc97d5fe62f3a777 ct: de69e9d943a5d0b70be3359a19f317bd9aca4a2ebb4332a39bcdfc97d5fe62f3
02f4822c3be531aa7843a1 a77702f4822c3be531aa7843a1
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: 479afdf3546ddba3a9841f39 nonce: 479afdf3546ddba3a9841f39
ct: 77a16162831f90de350fea9152cfc685ecfa10acb4f7994f41aed43fa5431f2382d0 ct: 77a16162831f90de350fea9152cfc685ecfa10acb4f7994f41aed43fa5431f23
78ec88baec53943984553e 82d078ec88baec53943984553e
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: 479afdf3546ddba3a9841f3a nonce: 479afdf3546ddba3a9841f3a
ct: f1d48d09f126b9003b4c7d3fe6779c7c92173188a2bb7465ba43d899a6398a333914 ct: f1d48d09f126b9003b4c7d3fe6779c7c92173188a2bb7465ba43d899a6398a33
d2bb19fd769d53f3ec7336 3914d2bb19fd769d53f3ec7336
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: 479afdf3546ddba3a9841f3c nonce: 479afdf3546ddba3a9841f3c
ct: 829b11c082b0178082cd595be6d73742a4721b9ac05f8d2ef8a7704a53022d82bd0d ct: 829b11c082b0178082cd595be6d73742a4721b9ac05f8d2ef8a7704a53022d82
8571f578c5c13b99eccff8 bd0d8571f578c5c13b99eccff8
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: 479afdf3546ddba3a9841fc7 nonce: 479afdf3546ddba3a9841fc7
ct: a3ee291e20f37021e82df14d41f3fbe98b27c43b318a36cacd8471a3b1051ab12ee0 ct: a3ee291e20f37021e82df14d41f3fbe98b27c43b318a36cacd8471a3b1051ab1
55b62ded95b72a63199a3f 2ee055b62ded95b72a63199a3f
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: 479afdf3546ddba3a9841e38 nonce: 479afdf3546ddba3a9841e38
ct: eecc2173ce1ac14b27ee67041e90ed50b7809926e55861a579949c07f6d26137bf9c ct: eecc2173ce1ac14b27ee67041e90ed50b7809926e55861a579949c07f6d26137
f0d097f60b5fd2fbf348ec bf9cf0d097f60b5fd2fbf348ec
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-21" numbered="true" toc="default"> <section anchor="exported-values-21" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
62691f0f971e34de38370bff24deb5a7d40ab628093d304be60946afcdb3a936 62691f0f971e34de38370bff24deb5a7d40ab628093d304be60946afcdb3a936
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
76083c6d1b6809da088584674327b39488eaf665f0731151128452e04ce81bff 76083c6d1b6809da088584674327b39488eaf665f0731151128452e04ce81bff
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
0c7cfc0976e25ae7680cf909ae2de1859cd9b679610a14bec40d69b91785b2f6 0c7cfc0976e25ae7680cf909ae2de1859cd9b679610a14bec40d69b91785b2f6
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="auth-setup-information-5" numbered="true" toc="default" > <section anchor="auth-setup-information-5" numbered="true" toc="default" >
<name>Auth Setup Information</name> <name>Auth Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 2 mode: 2
kem_id: 18 kem_id: 18
kdf_id: 3 kdf_id: 3
aead_id: 2 aead_id: 2
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: fe1c589c2a05893895a537f38c7cb4300b5a7e8fef3d6ccb8f07a498029c61e902 ikmE: fe1c589c2a05893895a537f38c7cb4300b5a7e8fef3d6ccb8f07a498029c61
62e009dc254c7f6235f9c6b2fd6aeff0a714db131b09258c16e217b7bd2aa619b0 e90262e009dc254c7f6235f9c6b2fd6aeff0a714db131b09258c16e217b7bd2aa619
pkEm: 04017de12ede7f72cb101dab36a111265c97b3654816dcd6183f809d4b3d111fe7 b0
59497f8aefdc5dbb40d3e6d21db15bdc60f15f2a420761bcaeef73b891c2b117e9cf01e2 pkEm: 04017de12ede7f72cb101dab36a111265c97b3654816dcd6183f809d4b3d11
9320b799bbc86afdc5ea97d941ea1c5bd5ebeeac7a784b3bab524746f3e640ec26ee1bd9 1fe759497f8aefdc5dbb40d3e6d21db15bdc60f15f2a420761bcaeef73b891c2b117
1255f9330d974f845084637ee0e6fe9f505c5b87c86a4e1a6c3096dd e9cf01e29320b799bbc86afdc5ea97d941ea1c5bd5ebeeac7a784b3bab524746f3e6
skEm: 0185f03560de87bb2c543ef03607f3c33ac09980000de25eabe3b224312946330d 40ec26ee1bd91255f9330d974f845084637ee0e6fe9f505c5b87c86a4e1a6c3096dd
2e65d192d3b4aa46ca92fc5ca50736b624402d95f6a80dc04d1f10ae9517137261 skEm: 0185f03560de87bb2c543ef03607f3c33ac09980000de25eabe3b224312946
ikmR: 8feea0438481fc0ecd470d6adfcda334a759c6b8650452c5a5dd9b2dd2cc9be33d 330d2e65d192d3b4aa46ca92fc5ca50736b624402d95f6a80dc04d1f10ae95171372
2bb7ee64605fc07ab4664a58bb9a8de80defe510b6c97d2daf85b92cd4bb0a66bf 61
pkRm: 04007d419b8834e7513d0e7cc66424a136ec5e11395ab353da324e3586673ee73d ikmR: 8feea0438481fc0ecd470d6adfcda334a759c6b8650452c5a5dd9b2dd2cc9b
53ab34f30a0b42a92d054d0db321b80f6217e655e304f72793767c4231785c4a4a6e008f e33d2bb7ee64605fc07ab4664a58bb9a8de80defe510b6c97d2daf85b92cd4bb0a66
31b93b7a4f2b8cd12e5fe5a0523dc71353c66cbdad51c86b9e0bdfcd9a45698f2dab1809 bf
ab1b0f88f54227232c858accc44d9a8d41775ac026341564a2d749f4 pkRm: 04007d419b8834e7513d0e7cc66424a136ec5e11395ab353da324e3586673e
skRm: 013ef326940998544a899e15e1726548ff43bbdb23a8587aa3bef9d1b857338d87 e73d53ab34f30a0b42a92d054d0db321b80f6217e655e304f72793767c4231785c4a
287df5667037b519d6a14661e9503cfc95a154d93566d8c84e95ce93ad05293a0b 4a6e008f31b93b7a4f2b8cd12e5fe5a0523dc71353c66cbdad51c86b9e0bdfcd9a45
ikmS: 2f66a68b85ef04822b054ef521838c00c64f8b6226935593b69e13a1a2461a4f1a 698f2dab1809ab1b0f88f54227232c858accc44d9a8d41775ac026341564a2d749f4
74c10c836e87eed150c0db85d4e4f506cbb746149befac6f5c07dc48a615ef92db skRm: 013ef326940998544a899e15e1726548ff43bbdb23a8587aa3bef9d1b85733
pkSm: 04015cc3636632ea9a3879e43240beae5d15a44fba819282fac26a19c989fafdd0 8d87287df5667037b519d6a14661e9503cfc95a154d93566d8c84e95ce93ad05293a
f330b8521dff7dc393101b018c1e65b07be9f5fc9a28a1f450d6a541ee0d76221133001e 0b
8f0f6a05ab79f9b9bb9ccce142a453d59c5abebb5674839d935a3ca1a3fbc328539a60b3 ikmS: 2f66a68b85ef04822b054ef521838c00c64f8b6226935593b69e13a1a2461a
bc3c05fed22838584a726b9c176796cad0169ba4093332cbd2dc3a9f 4f1a74c10c836e87eed150c0db85d4e4f506cbb746149befac6f5c07dc48a615ef92
skSm: 001018584599625ff9953b9305849850d5e34bd789d4b81101139662fbea8b6508 db
ddb9d019b0d692e737f66beae3f1f783e744202aaf6fea01506c27287e359fe776 pkSm: 04015cc3636632ea9a3879e43240beae5d15a44fba819282fac26a19c989fa
enc: 04017de12ede7f72cb101dab36a111265c97b3654816dcd6183f809d4b3d111fe75 fdd0f330b8521dff7dc393101b018c1e65b07be9f5fc9a28a1f450d6a541ee0d7622
9497f8aefdc5dbb40d3e6d21db15bdc60f15f2a420761bcaeef73b891c2b117e9cf01e29 1133001e8f0f6a05ab79f9b9bb9ccce142a453d59c5abebb5674839d935a3ca1a3fb
320b799bbc86afdc5ea97d941ea1c5bd5ebeeac7a784b3bab524746f3e640ec26ee1bd91 c328539a60b3bc3c05fed22838584a726b9c176796cad0169ba4093332cbd2dc3a9f
255f9330d974f845084637ee0e6fe9f505c5b87c86a4e1a6c3096dd skSm: 001018584599625ff9953b9305849850d5e34bd789d4b81101139662fbea8b
shared_secret: 26648fa2a2deb0bfc56349a590fd4cb7108a51797b634694fc02061e8 6508ddb9d019b0d692e737f66beae3f1f783e744202aaf6fea01506c27287e359fe7
d91b3576ac736a68bf848fe2a58dfb1956d266e68209a4d631e513badf8f4dcfc00f30a 76
key_schedule_context: 0283a27c5b2358ab4dae1b2f5d8f57f10ccccc822a473326f5 enc: 04017de12ede7f72cb101dab36a111265c97b3654816dcd6183f809d4b3d111
43f239a70aee46347324e84e02d7651a10d08fb3dda739d22d50c53fbfa8122baacd0f9a fe759497f8aefdc5dbb40d3e6d21db15bdc60f15f2a420761bcaeef73b891c2b117e
e5913072ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d6775308c3d3faa75d 9cf01e29320b799bbc86afdc5ea97d941ea1c5bd5ebeeac7a784b3bab524746f3e64
d64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692e85b09a4 0ec26ee1bd91255f9330d974f845084637ee0e6fe9f505c5b87c86a4e1a6c3096dd
secret: 56b7acb7355d080922d2ddc227829c2276a0b456087654b3ac4b53828bd34af8 shared_secret: 26648fa2a2deb0bfc56349a590fd4cb7108a51797b634694fc020
cf54626f85af858a15a86eba73011665cc922bc59fd07d2975f356d2674db554 61e8d91b3576ac736a68bf848fe2a58dfb1956d266e68209a4d631e513badf8f4dcf
key: 01fced239845e53f0ec616e71777883a1f9fcab22a50f701bdeee17ad040e44d c00f30a
key_schedule_context: 0283a27c5b2358ab4dae1b2f5d8f57f10ccccc822a4733
26f543f239a70aee46347324e84e02d7651a10d08fb3dda739d22d50c53fbfa8122b
aacd0f9ae5913072ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d67753
08c3d3faa75dd64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692
e85b09a4
secret: 56b7acb7355d080922d2ddc227829c2276a0b456087654b3ac4b53828bd3
4af8cf54626f85af858a15a86eba73011665cc922bc59fd07d2975f356d2674db554
key:
01fced239845e53f0ec616e71777883a1f9fcab22a50f701bdeee17ad040e44d
base_nonce: 9752b85fe8c73eda183f9e80 base_nonce: 9752b85fe8c73eda183f9e80
exporter_secret: 80466a9d9cc5112ddad297e817e038801e15fa18152bc4dc010a35d exporter_secret: 80466a9d9cc5112ddad297e817e038801e15fa18152bc4dc010
7f534089c87c98b4bacd7bbc6276c4002a74085adcd9019fca6139826b5292569cfb7fe4 a35d7f534089c87c98b4bacd7bbc6276c4002a74085adcd9019fca6139826b529256
7 9cfb7fe47
]]></sourcecode> ]]></artwork>
<section anchor="encryptions-22" numbered="true" toc="default"> <section anchor="encryptions-22" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: 9752b85fe8c73eda183f9e80 nonce: 9752b85fe8c73eda183f9e80
ct: 0116aeb3a1c405c61b1ce47600b7ecd11d89b9c08c408b7e2d1e00a4d64696d12e68 ct: 0116aeb3a1c405c61b1ce47600b7ecd11d89b9c08c408b7e2d1e00a4d64696d1
81dc61688209a8207427f9 2e6881dc61688209a8207427f9
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: 9752b85fe8c73eda183f9e81 nonce: 9752b85fe8c73eda183f9e81
ct: 37ece0cf6741f443e9d73b9966dc0b228499bb21fbf313948327231e70a18380e080 ct: 37ece0cf6741f443e9d73b9966dc0b228499bb21fbf313948327231e70a18380
529c0267f399ba7c539cc6 e080529c0267f399ba7c539cc6
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: 9752b85fe8c73eda183f9e82 nonce: 9752b85fe8c73eda183f9e82
ct: d17b045cac963e45d55fd3692ec17f100df66ac06d91f3b6af8efa7ed3c8895550eb ct: d17b045cac963e45d55fd3692ec17f100df66ac06d91f3b6af8efa7ed3c88955
753bc801fe4bd27005b4bd 50eb753bc801fe4bd27005b4bd
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: 9752b85fe8c73eda183f9e84 nonce: 9752b85fe8c73eda183f9e84
ct: 50c523ae7c64cada96abea16ddf67a73d2914ec86a4cedb31a7e6257f7553ed24462 ct: 50c523ae7c64cada96abea16ddf67a73d2914ec86a4cedb31a7e6257f7553ed2
6ef79a57198192b2323384 44626ef79a57198192b2323384
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: 9752b85fe8c73eda183f9e7f nonce: 9752b85fe8c73eda183f9e7f
ct: 53d422295a6ce8fcc51e6f69e252e7195e64abf49252f347d8c25534f1865a6a17d9 ct: 53d422295a6ce8fcc51e6f69e252e7195e64abf49252f347d8c25534f1865a6a
49c65ce618ddc7d816111f 17d949c65ce618ddc7d816111f
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: 9752b85fe8c73eda183f9f80 nonce: 9752b85fe8c73eda183f9f80
ct: 0dfcfc22ea768880b4160fec27ab10c75fb27766c6bb97aed373a9b6eae35d31afb0 ct: 0dfcfc22ea768880b4160fec27ab10c75fb27766c6bb97aed373a9b6eae35d31
8257401075cbb602ac5abb afb08257401075cbb602ac5abb
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-22" numbered="true" toc="default"> <section anchor="exported-values-22" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
8d78748d632f95b8ce0c67d70f4ad1757e61e872b5941e146986804b3990154b 8d78748d632f95b8ce0c67d70f4ad1757e61e872b5941e146986804b3990154b
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
80a4753230900ea785b6c80775092801fe91183746479f9b04c305e1db9d1f4d 80a4753230900ea785b6c80775092801fe91183746479f9b04c305e1db9d1f4d
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
620b176d737cf366bcc20d96adb54ec156978220879b67923689e6dca36210ed 620b176d737cf366bcc20d96adb54ec156978220879b67923689e6dca36210ed
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="authpsk-setup-information-5" numbered="true" toc="default"> <section anchor="authpsk-setup-information-5" numbered="true" toc="default">
<name>AuthPSK Setup Information</name> <name>AuthPSK Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 3 mode: 3
kem_id: 18 kem_id: 18
kdf_id: 3 kdf_id: 3
aead_id: 2 aead_id: 2
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 54272797b1fbc128a6967ff1fd606e0c67868f7762ce1421439cbc9e90ce1b28d5 ikmE: 54272797b1fbc128a6967ff1fd606e0c67868f7762ce1421439cbc9e90ce1b
66e6c2acbce712e48eebf236696eb680849d6873e9959395b2931975d61d38bd6c 28d566e6c2acbce712e48eebf236696eb680849d6873e9959395b2931975d61d38bd
pkEm: 04000a5096a6e6e002c83517b494bfc2e36bfb8632fae8068362852b70d0ff71e5 6c
60b15aff96741ecffb63d8ac3090c3769679009ac59a99a1feb4713c5f090fc0dbed01ad pkEm: 04000a5096a6e6e002c83517b494bfc2e36bfb8632fae8068362852b70d0ff
73c45d29d369e36744e9ed37d12f80700c16d816485655169a5dd66e4ddf27f2acffe0f5 71e560b15aff96741ecffb63d8ac3090c3769679009ac59a99a1feb4713c5f090fc0
6f7f77ea2b473b4bf0518b975d9527009a3d14e5a4957e3e8a9074f8 dbed01ad73c45d29d369e36744e9ed37d12f80700c16d816485655169a5dd66e4ddf
skEm: 003430af19716084efeced1241bb1a5625b6c826f11ef31649095eb27952619e36 27f2acffe0f56f7f77ea2b473b4bf0518b975d9527009a3d14e5a4957e3e8a9074f8
f62a79ea28001ac452fb20ddfbb66e62c6c0b1be03c0d28c97794a1fb638207a83 skEm: 003430af19716084efeced1241bb1a5625b6c826f11ef31649095eb2795261
ikmR: 3db434a8bc25b27eb0c590dc64997ab1378a99f52b2cb5a5a5b2fa540888f6c0f0 9e36f62a79ea28001ac452fb20ddfbb66e62c6c0b1be03c0d28c97794a1fb638207a
9794c654f4468524e040e6b4eca2c9dcf229f908b9d318f960cc9e9baa92c5eee6 83
pkRm: 0401655b5d3b7cfafaba30851d25edc44c6dd17d99410efbed8591303b4dbeea8c ikmR: 3db434a8bc25b27eb0c590dc64997ab1378a99f52b2cb5a5a5b2fa540888f6
b1045d5255f9a60384c3bbd4a3386ae6e6fab341dc1f8db0eed5f0ab1aaac6d7838e00da c0f09794c654f4468524e040e6b4eca2c9dcf229f908b9d318f960cc9e9baa92c5ee
df8a1c2c64b48f89c633721e88369e54104b31368f26e35d04a442b0b428510fb23caada e6
686add16492f333b0f7ba74c391d779b788df2c38d7a7f4778009d91 pkRm: 0401655b5d3b7cfafaba30851d25edc44c6dd17d99410efbed8591303b4dbe
skRm: 0053c0bc8c1db4e9e5c3e3158bfdd7fc716aef12db13c8515adf821dd692ba3ca5 ea8cb1045d5255f9a60384c3bbd4a3386ae6e6fab341dc1f8db0eed5f0ab1aaac6d7
3041029128ee19c8556e345c4bcb840bb7fd789f97fe10f17f0e2c6c2528072843 838e00dadf8a1c2c64b48f89c633721e88369e54104b31368f26e35d04a442b0b428
ikmS: 65d523d9b37e1273eb25ad0527d3a7bd33f67208dd1666d9904c6bc04969ae5831 510fb23caada686add16492f333b0f7ba74c391d779b788df2c38d7a7f4778009d91
a8b849e7ff642581f2c3e56be84609600d3c6bbdaded3f6989c37d2892b1e978d5 skRm: 0053c0bc8c1db4e9e5c3e3158bfdd7fc716aef12db13c8515adf821dd692ba
pkSm: 040013761e97007293d57de70962876b4926f69a52680b4714bee1d4236aa96c19 3ca53041029128ee19c8556e345c4bcb840bb7fd789f97fe10f17f0e2c6c25280728
b840c57e80b14e91258f0a350e3f7ba59f3f091633aede4c7ec4fa8918323aa45d590107 43
6dec8eeb22899fda9ab9e1960003ff0535f53c02c40f2ae4cdc6070a3870b85b4bdd0bb7 ikmS: 65d523d9b37e1273eb25ad0527d3a7bd33f67208dd1666d9904c6bc04969ae
7f1f889e7ee51f465a308f08c666ad3407f75dc046b2ff5a24dbe2ed 5831a8b849e7ff642581f2c3e56be84609600d3c6bbdaded3f6989c37d2892b1e978
skSm: 003f64675fc8914ec9e2b3ecf13585b26dbaf3d5d805042ba487a5070b8c5ac1d3 d5
9b17e2161771cc1b4d0a3ba6e866f4ea4808684b56af2a49b5e5111146d45d9326 pkSm: 040013761e97007293d57de70962876b4926f69a52680b4714bee1d4236aa9
psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 6c19b840c57e80b14e91258f0a350e3f7ba59f3f091633aede4c7ec4fa8918323aa4
5d5901076dec8eeb22899fda9ab9e1960003ff0535f53c02c40f2ae4cdc6070a3870
b85b4bdd0bb77f1f889e7ee51f465a308f08c666ad3407f75dc046b2ff5a24dbe2ed
skSm: 003f64675fc8914ec9e2b3ecf13585b26dbaf3d5d805042ba487a5070b8c5a
c1d39b17e2161771cc1b4d0a3ba6e866f4ea4808684b56af2a49b5e5111146d45d93
26
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961 psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 04000a5096a6e6e002c83517b494bfc2e36bfb8632fae8068362852b70d0ff71e56 enc: 04000a5096a6e6e002c83517b494bfc2e36bfb8632fae8068362852b70d0ff7
0b15aff96741ecffb63d8ac3090c3769679009ac59a99a1feb4713c5f090fc0dbed01ad7 1e560b15aff96741ecffb63d8ac3090c3769679009ac59a99a1feb4713c5f090fc0d
3c45d29d369e36744e9ed37d12f80700c16d816485655169a5dd66e4ddf27f2acffe0f56 bed01ad73c45d29d369e36744e9ed37d12f80700c16d816485655169a5dd66e4ddf2
f7f77ea2b473b4bf0518b975d9527009a3d14e5a4957e3e8a9074f8 7f2acffe0f56f7f77ea2b473b4bf0518b975d9527009a3d14e5a4957e3e8a9074f8
shared_secret: 9e1d5f62cb38229f57f68948a0fbc1264499910cce50ec62cb24188c5 shared_secret: 9e1d5f62cb38229f57f68948a0fbc1264499910cce50ec62cb241
b0a98868f3c1cfa8c5baa97b3f24db3cdd30df6e04eae83dc4347be8a981066c3b5b945 88c5b0a98868f3c1cfa8c5baa97b3f24db3cdd30df6e04eae83dc4347be8a981066c
key_schedule_context: 0324497637cf18d6fbcc16e9f652f00244c981726f293bb781 3b5b945
9861e85e50c94f0be30e022ab081e18e6f299fd3d3d976a4bc590f85bc7711bfce32ee1a key_schedule_context: 0324497637cf18d6fbcc16e9f652f00244c981726f293b
7fb1c154ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d6775308c3d3faa75d b7819861e85e50c94f0be30e022ab081e18e6f299fd3d3d976a4bc590f85bc7711bf
d64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692e85b09a4 ce32ee1a7fb1c154ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d67753
secret: 50a57775958037a04098e0054576cd3bc084d0d08d29548ba4befa5676b91eb4 08c3d3faa75dd64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692
dcd0752813a052c9a930d0aba6ca10b89dd690b64032dc635dece35d1bf4645c e85b09a4
key: 1316ed34bd52374854ed0e5cb0394ca0a79b2d8ce7f15d5104f21acdfb594286 secret: 50a57775958037a04098e0054576cd3bc084d0d08d29548ba4befa5676b9
1eb4dcd0752813a052c9a930d0aba6ca10b89dd690b64032dc635dece35d1bf4645c
key:
1316ed34bd52374854ed0e5cb0394ca0a79b2d8ce7f15d5104f21acdfb594286
base_nonce: d9c64ec8deb8a0647fafe8ff base_nonce: d9c64ec8deb8a0647fafe8ff
exporter_secret: 6cb00ff99aebb2e4a05042ce0d048326dd2c03acd61a601b1038a65 exporter_secret: 6cb00ff99aebb2e4a05042ce0d048326dd2c03acd61a601b103
398406a96ab8b5da3187412b2324089ea16ba4ff7e6f4fe55d281fc8ae5f2049032b69eb 8a65398406a96ab8b5da3187412b2324089ea16ba4ff7e6f4fe55d281fc8ae5f2049
d 032b69ebd
]]></sourcecode> ]]></artwork>
<section anchor="encryptions-23" numbered="true" toc="default"> <section anchor="encryptions-23" numbered="true" toc="default">
<name>Encryptions</name> <name>Encryptions</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
sequence number: 0 sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30 aad: 436f756e742d30
nonce: d9c64ec8deb8a0647fafe8ff nonce: d9c64ec8deb8a0647fafe8ff
ct: 942a2a92e0817cf032ce61abccf4f3a7c5d21b794ed943227e07b7df2d6dd92c9b8a ct: 942a2a92e0817cf032ce61abccf4f3a7c5d21b794ed943227e07b7df2d6dd92c
9371949e65cca262448ab7 9b8a9371949e65cca262448ab7
sequence number: 1 sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31 aad: 436f756e742d31
nonce: d9c64ec8deb8a0647fafe8fe nonce: d9c64ec8deb8a0647fafe8fe
ct: c0a83b5ec3d7933a090f681717290337b4fede5bfaa0a40ec29f93acad742888a151 ct: c0a83b5ec3d7933a090f681717290337b4fede5bfaa0a40ec29f93acad742888
3c649104c391c78d1d7f29 a1513c649104c391c78d1d7f29
sequence number: 2 sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32 aad: 436f756e742d32
nonce: d9c64ec8deb8a0647fafe8fd nonce: d9c64ec8deb8a0647fafe8fd
ct: 2847b2e0ce0b9da8fca7b0e81ff389d1682ee1b388ed09579b145058b5af6a93a85d ct: 2847b2e0ce0b9da8fca7b0e81ff389d1682ee1b388ed09579b145058b5af6a93
d50d9f417dc88f2c785312 a85dd50d9f417dc88f2c785312
sequence number: 4 sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34 aad: 436f756e742d34
nonce: d9c64ec8deb8a0647fafe8fb nonce: d9c64ec8deb8a0647fafe8fb
ct: fbd9948ab9ac4a9cb9e295c07273600e6a111a3a89241d3e2178f39d532a2ec5c15b ct: fbd9948ab9ac4a9cb9e295c07273600e6a111a3a89241d3e2178f39d532a2ec5
9b0c6937ac84c88e0ca76f c15b9b0c6937ac84c88e0ca76f
sequence number: 255 sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535 aad: 436f756e742d323535
nonce: d9c64ec8deb8a0647fafe800 nonce: d9c64ec8deb8a0647fafe800
ct: 63113a870131b567db8f39a11b4541eafbd2d3cf3a9bf9e5c1cfcb41e52f9027310b ct: 63113a870131b567db8f39a11b4541eafbd2d3cf3a9bf9e5c1cfcb41e52f9027
82a4868215959131694d15 310b82a4868215959131694d15
sequence number: 256 sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479 pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536 aad: 436f756e742d323536
nonce: d9c64ec8deb8a0647fafe9ff nonce: d9c64ec8deb8a0647fafe9ff
ct: 24f9d8dadd2107376ccd143f70f9bafcd2b21d8117d45ff327e9a78f603a32606e42 ct: 24f9d8dadd2107376ccd143f70f9bafcd2b21d8117d45ff327e9a78f603a3260
a6a8bdb57a852591d20907 6e42a6a8bdb57a852591d20907
]]></sourcecode> ]]></artwork>
</section> </section>
<section anchor="exported-values-23" numbered="true" toc="default"> <section anchor="exported-values-23" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
a39502ef5ca116aa1317bd9583dd52f15b0502b71d900fc8a622d19623d0cb5d a39502ef5ca116aa1317bd9583dd52f15b0502b71d900fc8a622d19623d0cb5d
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
749eda112c4cfdd6671d84595f12cd13198fc3ef93ed72369178f344fe6e09c3 749eda112c4cfdd6671d84595f12cd13198fc3ef93ed72369178f344fe6e09c3
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
f8b4e72cefbff4ca6c4eabb8c0383287082cfcbb953d900aed4959afd0017095 f8b4e72cefbff4ca6c4eabb8c0383287082cfcbb953d900aed4959afd0017095
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
</section> </section>
<section anchor="dhkemx25519-hkdf-sha256-hkdf-sha256-export-only-aead" numbered="true" toc="default"> <section anchor="dhkemx25519-hkdf-sha256-hkdf-sha256-export-only-aead" numbered="true" toc="default">
<name>DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, Export-Only AEAD</name> <name>DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, Export-Only AEAD</name>
<section anchor="base-setup-information-6" numbered="true" toc="default" > <section anchor="base-setup-information-6" numbered="true" toc="default" >
<name>Base Setup Information</name> <name>Base Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 0 mode: 0
kem_id: 32 kem_id: 32
kdf_id: 1 kdf_id: 1
aead_id: 65535 aead_id: 65535
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 55bc245ee4efda25d38f2d54d5bb6665291b99f8108a8c4b686c2b14893ea5d9 ikmE:
pkEm: e5e8f9bfff6c2f29791fc351d2c25ce1299aa5eaca78a757c0b4fb4bcd830918 55bc245ee4efda25d38f2d54d5bb6665291b99f8108a8c4b686c2b14893ea5d9
skEm: 095182b502f1f91f63ba584c7c3ec473d617b8b4c2cec3fad5af7fa6748165ed pkEm:
ikmR: 683ae0da1d22181e74ed2e503ebf82840deb1d5e872cade20f4b458d99783e31 e5e8f9bfff6c2f29791fc351d2c25ce1299aa5eaca78a757c0b4fb4bcd830918
pkRm: 194141ca6c3c3beb4792cd97ba0ea1faff09d98435012345766ee33aae2d7664 skEm:
skRm: 33d196c830a12f9ac65d6e565a590d80f04ee9b19c83c87f2c170d972a812848 095182b502f1f91f63ba584c7c3ec473d617b8b4c2cec3fad5af7fa6748165ed
enc: e5e8f9bfff6c2f29791fc351d2c25ce1299aa5eaca78a757c0b4fb4bcd830918 ikmR:
683ae0da1d22181e74ed2e503ebf82840deb1d5e872cade20f4b458d99783e31
pkRm:
194141ca6c3c3beb4792cd97ba0ea1faff09d98435012345766ee33aae2d7664
skRm:
33d196c830a12f9ac65d6e565a590d80f04ee9b19c83c87f2c170d972a812848
enc:
e5e8f9bfff6c2f29791fc351d2c25ce1299aa5eaca78a757c0b4fb4bcd830918
shared_secret: shared_secret:
e81716ce8f73141d4f25ee9098efc968c91e5b8ce52ffff59d64039e82918b66 e81716ce8f73141d4f25ee9098efc968c91e5b8ce52ffff59d64039e82918b66
key_schedule_context: 009bd09219212a8cf27c6bb5d54998c5240793a70ca0a89223 key_schedule_context: 009bd09219212a8cf27c6bb5d54998c5240793a70ca0a8
4bd5e082bc619b6a3f4c22aa6d9a0424c2b4292fdf43b8257df93c2f6adbf6ddc9c64fee 92234bd5e082bc619b6a3f4c22aa6d9a0424c2b4292fdf43b8257df93c2f6adbf6dd
26bdd292 c9c64fee26bdd292
secret: 04d64e0620aa047e9ab833b0ebcd4ff026cefbe44338fd7d1a93548102ee01af secret:
04d64e0620aa047e9ab833b0ebcd4ff026cefbe44338fd7d1a93548102ee01af
key: key:
base_nonce: base_nonce:
exporter_secret: exporter_secret:
79dc8e0509cf4a3364ca027e5a0138235281611ca910e435e8ed58167c72f79b 79dc8e0509cf4a3364ca027e5a0138235281611ca910e435e8ed58167c72f79b
]]></sourcecode> ]]></artwork>
<section anchor="exported-values-24" numbered="true" toc="default"> <section anchor="exported-values-24" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
7a36221bd56d50fb51ee65edfd98d06a23c4dc87085aa5866cb7087244bd2a36 7a36221bd56d50fb51ee65edfd98d06a23c4dc87085aa5866cb7087244bd2a36
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
d5535b87099c6c3ce80dc112a2671c6ec8e811a2f284f948cec6dd1708ee33f0 d5535b87099c6c3ce80dc112a2671c6ec8e811a2f284f948cec6dd1708ee33f0
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
ffaabc85a776136ca0c378e5d084c9140ab552b78f039d2e8775f26efff4c70e ffaabc85a776136ca0c378e5d084c9140ab552b78f039d2e8775f26efff4c70e
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="psk-setup-information-6" numbered="true" toc="default"> <section anchor="psk-setup-information-6" numbered="true" toc="default">
<name>PSK Setup Information</name> <name>PSK Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 1 mode: 1
kem_id: 32 kem_id: 32
kdf_id: 1 kdf_id: 1
aead_id: 65535 aead_id: 65535
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: c51211a8799f6b8a0021fcba673d9c4067a98ebc6794232e5b06cb9febcbbdf5 ikmE:
pkEm: d3805a97cbcd5f08babd21221d3e6b362a700572d14f9bbeb94ec078d051ae3d c51211a8799f6b8a0021fcba673d9c4067a98ebc6794232e5b06cb9febcbbdf5
skEm: 1d72396121a6a826549776ef1a9d2f3a2907fc6a38902fa4e401afdb0392e627 pkEm:
ikmR: 5e0516b1b29c0e13386529da16525210c796f7d647c37eac118023a6aa9eb89a d3805a97cbcd5f08babd21221d3e6b362a700572d14f9bbeb94ec078d051ae3d
pkRm: d53af36ea5f58f8868bb4a1333ed4cc47e7a63b0040eb54c77b9c8ec456da824 skEm:
skRm: 98f304d4ecb312689690b113973c61ffe0aa7c13f2fbe365e48f3ed09e5a6a0c 1d72396121a6a826549776ef1a9d2f3a2907fc6a38902fa4e401afdb0392e627
psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 ikmR:
5e0516b1b29c0e13386529da16525210c796f7d647c37eac118023a6aa9eb89a
pkRm:
d53af36ea5f58f8868bb4a1333ed4cc47e7a63b0040eb54c77b9c8ec456da824
skRm:
98f304d4ecb312689690b113973c61ffe0aa7c13f2fbe365e48f3ed09e5a6a0c
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961 psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: d3805a97cbcd5f08babd21221d3e6b362a700572d14f9bbeb94ec078d051ae3d enc:
d3805a97cbcd5f08babd21221d3e6b362a700572d14f9bbeb94ec078d051ae3d
shared_secret: shared_secret:
024573db58c887decb4c57b6ed39f2c9a09c85600a8a0ecb11cac24c6aaec195 024573db58c887decb4c57b6ed39f2c9a09c85600a8a0ecb11cac24c6aaec195
key_schedule_context: 01446fb1fe2632a0a338f0a85ed1f3a0ac475bdea2cd72f8c7 key_schedule_context: 01446fb1fe2632a0a338f0a85ed1f3a0ac475bdea2cd72
13b3a46ee737379a3f4c22aa6d9a0424c2b4292fdf43b8257df93c2f6adbf6ddc9c64fee f8c713b3a46ee737379a3f4c22aa6d9a0424c2b4292fdf43b8257df93c2f6adbf6dd
26bdd292 c9c64fee26bdd292
secret: 638b94532e0d0bf812cf294f36b97a5bdcb0299df36e22b7bb6858e3c113080b secret:
638b94532e0d0bf812cf294f36b97a5bdcb0299df36e22b7bb6858e3c113080b
key: key:
base_nonce: base_nonce:
exporter_secret: exporter_secret:
04261818aeae99d6aba5101bd35ddf3271d909a756adcef0d41389d9ed9ab153 04261818aeae99d6aba5101bd35ddf3271d909a756adcef0d41389d9ed9ab153
]]></sourcecode> ]]></artwork>
<section anchor="exported-values-25" numbered="true" toc="default"> <section anchor="exported-values-25" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
be6c76955334376aa23e936be013ba8bbae90ae74ed995c1c6157e6f08dd5316 be6c76955334376aa23e936be013ba8bbae90ae74ed995c1c6157e6f08dd5316
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
1721ed2aa852f84d44ad020c2e2be4e2e6375098bf48775a533505fd56a3f416 1721ed2aa852f84d44ad020c2e2be4e2e6375098bf48775a533505fd56a3f416
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
7c9d79876a288507b81a5a52365a7d39cc0fa3f07e34172984f96fec07c44cba 7c9d79876a288507b81a5a52365a7d39cc0fa3f07e34172984f96fec07c44cba
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="auth-setup-information-6" numbered="true" toc="default" > <section anchor="auth-setup-information-6" numbered="true" toc="default" >
<name>Auth Setup Information</name> <name>Auth Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 2 mode: 2
kem_id: 32 kem_id: 32
kdf_id: 1 kdf_id: 1
aead_id: 65535 aead_id: 65535
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 43b078912a54b591a7b09b16ce89a1955a9dd60b29fb611e044260046e8b061b ikmE:
pkEm: 5ac1671a55c5c3875a8afe74664aa8bc68830be9ded0c5f633cd96400e8b5c05 43b078912a54b591a7b09b16ce89a1955a9dd60b29fb611e044260046e8b061b
skEm: 83d3f217071bbf600ba6f081f6e4005d27b97c8001f55cb5ff6ea3bbea1d9295 pkEm:
ikmR: fc9407ae72ed614901ebf44257fb540f617284b5361cfecd620bafc4aba36f73 5ac1671a55c5c3875a8afe74664aa8bc68830be9ded0c5f633cd96400e8b5c05
pkRm: ffd7ac24694cb17939d95feb7c4c6539bb31621deb9b96d715a64abdd9d14b10 skEm:
skRm: ed88cda0e91ca5da64b6ad7fc34a10f096fa92f0b9ceff9d2c55124304ed8b4a 83d3f217071bbf600ba6f081f6e4005d27b97c8001f55cb5ff6ea3bbea1d9295
ikmS: 2ff4c37a17b2e54046a076bf5fea9c3d59250d54d0dc8572bc5f7c046307040c ikmR:
pkSm: 89eb1feae431159a5250c5186f72a15962c8d0debd20a8389d8b6e4996e14306 fc9407ae72ed614901ebf44257fb540f617284b5361cfecd620bafc4aba36f73
skSm: c85f136e06d72d28314f0e34b10aadc8d297e9d71d45a5662c2b7c3b9f9f9405 pkRm:
enc: 5ac1671a55c5c3875a8afe74664aa8bc68830be9ded0c5f633cd96400e8b5c05 ffd7ac24694cb17939d95feb7c4c6539bb31621deb9b96d715a64abdd9d14b10
skRm:
ed88cda0e91ca5da64b6ad7fc34a10f096fa92f0b9ceff9d2c55124304ed8b4a
ikmS:
2ff4c37a17b2e54046a076bf5fea9c3d59250d54d0dc8572bc5f7c046307040c
pkSm:
89eb1feae431159a5250c5186f72a15962c8d0debd20a8389d8b6e4996e14306
skSm:
c85f136e06d72d28314f0e34b10aadc8d297e9d71d45a5662c2b7c3b9f9f9405
enc:
5ac1671a55c5c3875a8afe74664aa8bc68830be9ded0c5f633cd96400e8b5c05
shared_secret: shared_secret:
e204156fd17fd65b132d53a0558cd67b7c0d7095ee494b00f47d686eb78f8fb3 e204156fd17fd65b132d53a0558cd67b7c0d7095ee494b00f47d686eb78f8fb3
key_schedule_context: 029bd09219212a8cf27c6bb5d54998c5240793a70ca0a89223 key_schedule_context: 029bd09219212a8cf27c6bb5d54998c5240793a70ca0a8
4bd5e082bc619b6a3f4c22aa6d9a0424c2b4292fdf43b8257df93c2f6adbf6ddc9c64fee 92234bd5e082bc619b6a3f4c22aa6d9a0424c2b4292fdf43b8257df93c2f6adbf6dd
26bdd292 c9c64fee26bdd292
secret: 355e7ef17f438db43152b7fb45a0e2f49a8bf8956d5dddfec1758c0f0eb1b5d5 secret:
355e7ef17f438db43152b7fb45a0e2f49a8bf8956d5dddfec1758c0f0eb1b5d5
key: key:
base_nonce: base_nonce:
exporter_secret: exporter_secret:
276d87e5cb0655c7d3dad95e76e6fc02746739eb9d968955ccf8a6346c97509e 276d87e5cb0655c7d3dad95e76e6fc02746739eb9d968955ccf8a6346c97509e
]]></sourcecode> ]]></artwork>
<section anchor="exported-values-26" numbered="true" toc="default"> <section anchor="exported-values-26" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
83c1bac00a45ed4cb6bd8a6007d2ce4ec501f55e485c5642bd01bf6b6d7d6f0a 83c1bac00a45ed4cb6bd8a6007d2ce4ec501f55e485c5642bd01bf6b6d7d6f0a
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
08a1d1ad2af3ef5bc40232a64f920650eb9b1034fac3892f729f7949621bf06e 08a1d1ad2af3ef5bc40232a64f920650eb9b1034fac3892f729f7949621bf06e
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
ff3b0e37a9954247fea53f251b799e2edd35aac7152c5795751a3da424feca73 ff3b0e37a9954247fea53f251b799e2edd35aac7152c5795751a3da424feca73
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
<section anchor="authpsk-setup-information-6" numbered="true" toc="defau lt"> <section anchor="authpsk-setup-information-6" numbered="true" toc="defau lt">
<name>AuthPSK Setup Information</name> <name>AuthPSK Setup Information</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
mode: 3 mode: 3
kem_id: 32 kem_id: 32
kdf_id: 1 kdf_id: 1
aead_id: 65535 aead_id: 65535
info: 4f6465206f6e2061204772656369616e2055726e info: 4f6465206f6e2061204772656369616e2055726e
ikmE: 94efae91e96811a3a49fd1b20eb0344d68ead6ac01922c2360779aa172487f40 ikmE:
pkEm: 81cbf4bd7eee97dd0b600252a1c964ea186846252abb340be47087cc78f3d87c 94efae91e96811a3a49fd1b20eb0344d68ead6ac01922c2360779aa172487f40
skEm: a2b43f5c67d0d560ee04de0122c765ea5165e328410844db97f74595761bbb81 pkEm:
ikmR: 4dfde6fadfe5cb50fced4034e84e6d3a104aa4bf2971360032c1c0580e286663 81cbf4bd7eee97dd0b600252a1c964ea186846252abb340be47087cc78f3d87c
pkRm: f47cd9d6993d2e2234eb122b425accfb486ee80f89607b087094e9f413253c2d skEm:
skRm: c4962a7f97d773a47bdf40db4b01dc6a56797c9e0deaab45f4ea3aa9b1d72904 a2b43f5c67d0d560ee04de0122c765ea5165e328410844db97f74595761bbb81
ikmS: 26c12fef8d71d13bbbf08ce8157a283d5e67ecf0f345366b0e90341911110f1b ikmR:
pkSm: 29a5bf3867a6128bbdf8e070abe7fe70ca5e07b629eba5819af73810ee20112f 4dfde6fadfe5cb50fced4034e84e6d3a104aa4bf2971360032c1c0580e286663
skSm: 6175b2830c5743dff5b7568a7e20edb1fe477fb0487ca21d6433365be90234d0 pkRm:
psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 f47cd9d6993d2e2234eb122b425accfb486ee80f89607b087094e9f413253c2d
skRm:
c4962a7f97d773a47bdf40db4b01dc6a56797c9e0deaab45f4ea3aa9b1d72904
ikmS:
26c12fef8d71d13bbbf08ce8157a283d5e67ecf0f345366b0e90341911110f1b
pkSm:
29a5bf3867a6128bbdf8e070abe7fe70ca5e07b629eba5819af73810ee20112f
skSm:
6175b2830c5743dff5b7568a7e20edb1fe477fb0487ca21d6433365be90234d0
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961 psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 81cbf4bd7eee97dd0b600252a1c964ea186846252abb340be47087cc78f3d87c enc:
81cbf4bd7eee97dd0b600252a1c964ea186846252abb340be47087cc78f3d87c
shared_secret: shared_secret:
d69246bcd767e579b1eec80956d7e7dfbd2902dad920556f0de69bd54054a2d1 d69246bcd767e579b1eec80956d7e7dfbd2902dad920556f0de69bd54054a2d1
key_schedule_context: 03446fb1fe2632a0a338f0a85ed1f3a0ac475bdea2cd72f8c7 key_schedule_context: 03446fb1fe2632a0a338f0a85ed1f3a0ac475bdea2cd72
13b3a46ee737379a3f4c22aa6d9a0424c2b4292fdf43b8257df93c2f6adbf6ddc9c64fee f8c713b3a46ee737379a3f4c22aa6d9a0424c2b4292fdf43b8257df93c2f6adbf6dd
26bdd292 c9c64fee26bdd292
secret: c15c5bec374f2087c241d3533c6ec48e1c60a21dd00085619b2ffdd84a7918c3 secret:
c15c5bec374f2087c241d3533c6ec48e1c60a21dd00085619b2ffdd84a7918c3
key: key:
base_nonce: base_nonce:
exporter_secret: exporter_secret:
695b1faa479c0e0518b6414c3b46e8ef5caea04c0a192246843765ae6a8a78e0 695b1faa479c0e0518b6414c3b46e8ef5caea04c0a192246843765ae6a8a78e0
]]></sourcecode> ]]></artwork>
<section anchor="exported-values-27" numbered="true" toc="default"> <section anchor="exported-values-27" numbered="true" toc="default">
<name>Exported Values</name> <name>Exported Values</name>
<sourcecode name="" type=""><![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
exporter_context: exporter_context:
L: 32 L: 32
exported_value: exported_value:
dafd8beb94c5802535c22ff4c1af8946c98df2c417e187c6ccafe45335810b58 dafd8beb94c5802535c22ff4c1af8946c98df2c417e187c6ccafe45335810b58
exporter_context: 00 exporter_context: 00
L: 32 L: 32
exported_value: exported_value:
7346bb0b56caf457bcc1aa63c1b97d9834644bdacac8f72dbbe3463e4e46b0dd 7346bb0b56caf457bcc1aa63c1b97d9834644bdacac8f72dbbe3463e4e46b0dd
exporter_context: 54657374436f6e74657874 exporter_context: 54657374436f6e74657874
L: 32 L: 32
exported_value: exported_value:
84f3466bd5a03bde6444324e63d7560e7ac790da4e5bbab01e7c4d575728c34a 84f3466bd5a03bde6444324e63d7560e7ac790da4e5bbab01e7c4d575728c34a
]]></sourcecode> ]]></artwork>
</section> </section>
</section> </section>
</section> </section>
</section> </section>
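Review bot: the two files disagree on how the test-vector blocks in this appendix are marked up and wrapped, starting at the Base Setup Information block. The left-hand file uses `<sourcecode name="" type="">` with label and value on one line; the right-hand file uses `<artwork name="" type="" align="left" alt="">` with each value on its own line, and `key_schedule_context` breaks mid-value at a different column in each (`...0ca0a89223` on the left, `...0ca0a8` on the right). The Base-mode value is the same hex in both columns once the continuation lines are joined, so the difference is cosmetic, but a script that extracts these vectors has to concatenate continuation lines and strip whitespace before comparing. Settle on one element and one wrap rule for the whole appendix. Since `key:` and `base_nonce:` are empty in every block here, a sentence stating that this is expected for `aead_id: 65535` (Export-Only AEAD) would keep readers from treating them as truncated.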
<section anchor="acknowledgements" numbered="false" toc="default"> </back>
<name>Acknowledgements</name> <!-- ##markdown-source:
<t>The authors would like to thank
<contact fullname="Joel Alwen"/>,
<contact fullname="Jean-Philippe Aumasson"/>,
<contact fullname="David Benjamin"/>,
<contact fullname="Benjamin Beurdouche"/>,
<contact fullname="Bruno Blanchet"/>,
<contact fullname="Frank Denis"/>,
<contact fullname="Stephen Farrell"/>,
<contact fullname="Scott Fluhrer"/>,
<contact fullname="Eduard Hauck"/>,
<contact fullname="Scott Hollenbeck"/>,
<contact fullname="Kevin Jacobs"/>,
<contact fullname="Burt Kaliski"/>,
<contact fullname="Eike Kiltz"/>,
<contact fullname="Julia Len"/>,
<contact fullname="John Mattsson"/>,
<contact fullname="Christopher Patton"/>,
<contact fullname="Doreen Riepel"/>,
<contact fullname="Raphael Robert"/>,
<contact fullname="Michael Rosenberg"/>,
<contact fullname="Michael Scott"/>,
<contact fullname="Martin Thomson"/>,
<contact fullname="Steven Valdez"/>,
<contact fullname="Riad Wahby"/>,
and other contributors in the CFRG for helpful feedback that greatly improved th
is document.</t>
</section>

<!--[rfced] Throughout the text, the following terminology appears to
be used inconsistently. Please review the usage and let us know if/how
they may be made consistent.

secret export vs. Secret Export
(e.g., secret export interface vs. Secret Export interface)
context vs. Context
(e.g., Context structure vs. context string)
--> -->
<!-- [rfced] Please review the "Inclusive Language" portion of the online
Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language>
and let us know if any changes are needed.
In addition, please consider whether "traditional" should be updated for clarity
.
While the NIST website
<https://www.nist.gov/nist-research-library/nist-technical-series-publications-a
uthor-instructions#table1>
indicates that this term is potentially biased, it is also ambiguous.
"Tradition" is a subjective term, as it is not the same for everyone.
</back>
</rfc> </rfc>
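Review bot: the right-hand file closes `</back>` directly after the test vectors and then carries a `<!-- ##markdown-source:` comment, while the Acknowledgements section in the left-hand file has no counterpart at this position. Check that the acknowledgements text survives elsewhere in the right-hand file, and strip the embedded markdown-source comment before this XML is used as publication input, since it is generator output rather than document content. The two `[rfced]` comments on the left (terminology consistency and the inclusive-language review) are open questions and need answers before those comments are deleted.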
 End of changes. 622 change blocks. 
2030 lines changed or deleted 3654 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/