<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc [
<!ENTITY nbsp "&#160;">
<!ENTITY zwsp "&#8203;">
<!ENTITY nbhy "&#8209;">
<!ENTITY wj "&#8288;">
]>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-irtf-cfrg-hpke-12" number="9180" obsoletes="" updates="" submissionType="IRTF" category="info" consensus="true" xml:lang="en" tocInclude="true" sortRefs="true" symRefs="true" version="3">
<!-- xml2rfc v2v3 conversion 2.42.0 -->
<front>
<title abbrev="HPKE">Hybrid Public Key Encryption</title>
<seriesInfo name="RFC" value="9180"/>
<author initials="R." surname="Barnes" fullname="Richard L. Barnes">
<organization>Cisco</organization>
<address>
<email>rlb@ipv.sx</email>
</address>
</author>
<author initials="K." surname="Bhargavan" fullname="Karthik Bhargavan">
<organization>Inria</organization>
<address>
<email>karthikeyan.bhargavan@inria.fr</email>
</address>
</author>
<author initials="B." surname="Lipp" fullname="Benjamin Lipp">
<organization>Inria</organization>
<address>
<email>ietf@benjaminlipp.de</email>
</address>
</author>
<author initials="C." surname="Wood" fullname="Christopher A.
Wood">
<organization>Cloudflare</organization>
<address>
<email>caw@heapingbits.net</email>
</address>
</author>
<date year="2022" month="February"/>
<workgroup>Crypto Forum</workgroup>
<keyword>public key encryption</keyword>
<keyword>key encapsulation</keyword>
<keyword>post-quantum public key encryption</keyword>
<abstract>
<t>This document describes a scheme for hybrid public key encryption (HPKE). This scheme provides a variant of public key encryption of arbitrary-sized plaintexts for a recipient public key. It also includes three authenticated variants, including one that authenticates possession of a pre-shared key and two optional ones that authenticate possession of a key encapsulation mechanism (KEM) private key. HPKE works for any combination of an asymmetric KEM, key derivation function (KDF), and authenticated encryption with additional data (AEAD) encryption function. Some authenticated variants may not be supported by all KEMs. We provide instantiations of the scheme using widely used and efficient primitives, such as Elliptic Curve Diffie-Hellman (ECDH) key agreement, HMAC-based key derivation function (HKDF), and SHA2.</t>
<t>This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.</t>
</abstract>
</front>
<middle>
<section anchor="introduction" numbered="true" toc="default">
<name>Introduction</name>
<t>Encryption schemes that combine asymmetric and symmetric algorithms have been specified and practiced since the early days of public key cryptography, e.g., <xref target="RFC1421" format="default"/>. Combining the two yields the key management advantages of asymmetric cryptography and the performance benefits of symmetric cryptography.
The traditional combination has been "encrypt the symmetric key with the public key." "Hybrid" public key encryption (HPKE) schemes, specified here, take a different approach: "generate the symmetric key and its encapsulation with the public key." Specifically, encrypted messages convey an encryption key encapsulated with a public key scheme, along with one or more arbitrary-sized ciphertexts encrypted using that key. This type of public key encryption has many applications in practice, including Messaging Layer Security <xref target="I-D.ietf-mls-protocol" format="default"/> and TLS Encrypted ClientHello <xref target="I-D.ietf-tls-esni" format="default"/>.</t>
<t>Currently, there are numerous competing and non-interoperable standards and variants for hybrid encryption, mostly variants on the Elliptic Curve Integrated Encryption Scheme (ECIES), including ANSI X9.63 (ECIES) <xref target="ANSI" format="default"/>, IEEE 1363a <xref target="IEEE1363" format="default"/>, ISO/IEC 18033-2 <xref target="ISO" format="default"/>, and SECG SEC 1 <xref target="SECG" format="default"/>. See <xref target="MAEA10" format="default"/> for a thorough comparison. All these existing schemes have problems, e.g., because they rely on outdated primitives, lack proofs of indistinguishable (adaptive) chosen-ciphertext attack (IND-CCA2) security, or fail to provide test vectors.</t>
<t>This document defines an HPKE scheme that provides a subset of the functions provided by the collection of schemes above but specified with sufficient clarity that they can be interoperably implemented. The HPKE construction defined herein is secure against (adaptive) chosen ciphertext attacks (IND-CCA2-secure) under classical assumptions about the underlying primitives <xref target="HPKEAnalysis" format="default"/> <xref target="ABHKLR20" format="default"/>.
A summary of these analyses is in <xref target="sec-properties" format="default"/>.</t>
<t>This document represents the consensus of the Crypto Forum Research Group (CFRG).</t>
</section>
<section anchor="requirements-notation" numbered="true" toc="default">
<name>Requirements Notation</name>
<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here.</t>
</section>
<section anchor="notation" numbered="true" toc="default">
<name>Notation</name>
<t>The following terms are used throughout this document to describe the operations, roles, and behaviors of HPKE:</t>
<dl newline="false" spacing="normal">
<dt><tt>(skX, pkX)</tt>:</dt>
<dd>A key encapsulation mechanism (KEM) key pair used in role X, where X is one of S, R, or E as sender, recipient, and ephemeral, respectively; <tt>skX</tt> is the private key and <tt>pkX</tt> is the public key.</dd>
<dt><tt>pk(skX)</tt>:</dt>
<dd>The KEM public key corresponding to the KEM private key <tt>skX</tt>.</dd>
<dt>Sender (S):</dt>
<dd>Role of entity that sends an encrypted message.</dd>
<dt>Recipient (R):</dt>
<dd>Role of entity that receives an encrypted message.</dd>
<dt>Ephemeral (E):</dt>
<dd>Role of a
fresh random value meant for one-time use.</dd>
<dt><tt>I2OSP(n, w)</tt>:</dt>
<dd>Convert non-negative integer <tt>n</tt> to a <tt>w</tt>-length, big-endian byte string, as described in <xref target="RFC8017" format="default"/>.</dd>
<dt><tt>OS2IP(x)</tt>:</dt>
<dd>Convert byte string <tt>x</tt> to a non-negative integer, as described in <xref target="RFC8017" format="default"/>, assuming big-endian byte order.</dd>
<dt><tt>concat(x0, ..., xN)</tt>:</dt>
<dd>Concatenation of byte strings. <tt>concat(0x01, 0x0203, 0x040506) = 0x010203040506</tt>.</dd>
<dt><tt>random(n)</tt>:</dt>
<dd>A pseudorandom byte string of length <tt>n</tt> bytes</dd>
<dt><tt>xor(a,b)</tt>:</dt>
<dd>XOR of byte strings; <tt>xor(0xF0F0, 0x1234) = 0xE2C4</tt>. It is an error to call this function with two arguments of unequal length.</dd>
</dl>
</section>
<section anchor="base-crypto" numbered="true" toc="default">
<name>Cryptographic Dependencies</name>
<t>HPKE variants rely on the following primitives:</t>
<ul spacing="normal">
<li>
<t>A key encapsulation mechanism (KEM):</t>
<ul spacing="normal">
<li><tt>GenerateKeyPair()</tt>: Randomized algorithm to generate a key pair <tt>(skX, pkX)</tt>.</li>
<li><tt>DeriveKeyPair(ikm)</tt>: Deterministic algorithm to derive a key pair <tt>(skX, pkX)</tt> from the byte string <tt>ikm</tt>, where <tt>ikm</tt> <bcp14>SHOULD</bcp14> have at least <tt>Nsk</tt> bytes of entropy (see <xref target="derive-key-pair" format="default"/> for discussion).</li>
<li><tt>SerializePublicKey(pkX)</tt>: Produce a byte string of length <tt>Npk</tt> encoding the public key <tt>pkX</tt>.</li>
<li>
<tt>DeserializePublicKey(pkXm)</tt>: Parse a byte string of length <tt>Npk</tt> to recover a public key. This function can raise a <tt>DeserializeError</tt> error upon <tt>pkXm</tt> deserialization failure.</li>
<li><tt>Encap(pkR)</tt>: Randomized algorithm to generate an ephemeral, fixed-length symmetric key (the KEM shared secret) and a fixed-length encapsulation of that key that can be decapsulated by the holder of the private key corresponding to <tt>pkR</tt>. This function can raise an <tt>EncapError</tt> on encapsulation failure.</li>
<li><tt>Decap(enc, skR)</tt>: Deterministic algorithm using the private key <tt>skR</tt> to recover the ephemeral symmetric key (the KEM shared secret) from its encapsulated representation <tt>enc</tt>. This function can raise a <tt>DecapError</tt> on decapsulation failure.</li>
<li><tt>AuthEncap(pkR, skS)</tt> (optional): Same as <tt>Encap()</tt>, and the outputs encode an assurance that the KEM shared secret was generated by the holder of the private key <tt>skS</tt>.</li>
<li><tt>AuthDecap(enc, skR, pkS)</tt> (optional): Same as <tt>Decap()</tt>, and the recipient is assured that the KEM shared secret was generated by the holder of the private key <tt>skS</tt>.</li>
<li><tt>Nsecret</tt>: The length in bytes of a KEM shared secret produced by this KEM.</li>
<li><tt>Nenc</tt>: The length in bytes of an encapsulated key produced by this KEM.</li>
<li><tt>Npk</tt>: The length in bytes of an encoded public key for this KEM.</li>
<li><tt>Nsk</tt>: The length in bytes of an encoded private key for this KEM.</li>
</ul>
</li>
<li>
<t>A key derivation function (KDF):</t>
<ul spacing="normal">
<li><tt>Extract(salt, ikm)</tt>: Extract a pseudorandom key of fixed length <tt>Nh</tt> bytes
from input keying material <tt>ikm</tt> and an optional byte string <tt>salt</tt>.</li>
<li><tt>Expand(prk, info, L)</tt>: Expand a pseudorandom key <tt>prk</tt> using optional string <tt>info</tt> into <tt>L</tt> bytes of output keying material.</li>
<li><tt>Nh</tt>: The output size of the <tt>Extract()</tt> function in bytes.</li>
</ul>
</li>
<li>
<t>An AEAD encryption algorithm <xref target="RFC5116" format="default"/>:</t>
<ul spacing="normal">
<li><tt>Seal(key, nonce, aad, pt)</tt>: Encrypt and authenticate plaintext <tt>pt</tt> with associated data <tt>aad</tt> using symmetric key <tt>key</tt> and nonce <tt>nonce</tt>, yielding ciphertext and tag <tt>ct</tt>. This function can raise a <tt>MessageLimitReachedError</tt> upon failure.</li>
<li><tt>Open(key, nonce, aad, ct)</tt>: Decrypt ciphertext and tag <tt>ct</tt> using associated data <tt>aad</tt> with symmetric key <tt>key</tt> and nonce <tt>nonce</tt>, returning plaintext message <tt>pt</tt>. This function can raise an <tt>OpenError</tt> or <tt>MessageLimitReachedError</tt> upon failure.</li>
<li><tt>Nk</tt>: The length in bytes of a key for this algorithm.</li>
<li><tt>Nn</tt>: The length in bytes of a nonce for this algorithm.</li>
<li><tt>Nt</tt>: The length in bytes of the authentication tag for this algorithm.</li>
</ul>
</li>
</ul>
<t>Beyond the above, a KEM <bcp14>MAY</bcp14> also expose the following functions, whose behavior is detailed in <xref target="serializeprivatekey" format="default"/>:</t>
<ul spacing="normal">
<li><tt>SerializePrivateKey(skX)</tt>: Produce a byte string of length <tt>Nsk</tt> encoding the private key <tt>skX</tt>.</li>
<li><tt>DeserializePrivateKey(skXm)</tt>: Parse a byte string of length <tt>Nsk</tt> to recover a private key.
This function can raise a <tt>DeserializeError</tt> error upon <tt>skXm</tt> deserialization failure.</li>
</ul>
<t>A <em>ciphersuite</em> is a triple (KEM, KDF, AEAD) containing a choice of algorithm for each primitive.</t>
<t>A set of algorithm identifiers for concrete instantiations of these primitives is provided in <xref target="ciphersuites" format="default"/>. Algorithm identifier values are two bytes long.</t>
<t>Note that <tt>GenerateKeyPair</tt> can be implemented as <tt>DeriveKeyPair(random(Nsk))</tt>.</t>
<t>The notation <tt>pk(skX)</tt>, depending on its use and the KEM and its implementation, is either the computation of the public key using the private key, or just syntax expressing the retrieval of the public key, assuming it is stored along with the private key object.</t>
<t>The following two functions are defined to facilitate domain separation of KDF calls as well as context binding:</t>
<sourcecode name="" type="pseudocode"><![CDATA[
def LabeledExtract(salt, label, ikm):
  labeled_ikm = concat("HPKE-v1", suite_id, label, ikm)
  return Extract(salt, labeled_ikm)

def LabeledExpand(prk, label, info, L):
  labeled_info = concat(I2OSP(L, 2), "HPKE-v1", suite_id,
                        label, info)
  return Expand(prk, labeled_info, L)
]]></sourcecode>
<t>The value of <tt>suite_id</tt> depends on where the KDF is used; it is assumed implicit from the implementation and not passed as a parameter. If used inside a KEM algorithm, <tt>suite_id</tt> <bcp14>MUST</bcp14> start with "KEM" and identify this KEM algorithm; if used in the remainder of HPKE, it <bcp14>MUST</bcp14> start with "HPKE" and identify the entire ciphersuite in use.
See Sections <xref target="dhkem" format="counter"/> and <xref target="encryption-context" format="counter"/> for details.</t>
<section anchor="dhkem" numbered="true" toc="default">
<name>DH-Based KEM (DHKEM)</name>
<t>Suppose we are given a KDF, and a Diffie-Hellman (DH) group providing the following operations:</t>
<ul spacing="normal">
<li><tt>DH(skX, pkY)</tt>: Perform a non-interactive Diffie-Hellman exchange using the private key <tt>skX</tt> and public key <tt>pkY</tt> to produce a Diffie-Hellman shared secret of length <tt>Ndh</tt>. This function can raise a <tt>ValidationError</tt> as described in <xref target="validation" format="default"/>.</li>
<li><tt>Ndh</tt>: The length in bytes of a Diffie-Hellman shared secret produced by <tt>DH()</tt>.</li>
<li><tt>Nsk</tt>: The length in bytes of a Diffie-Hellman private key.</li>
</ul>
<t>Then we can construct a KEM that implements the interface defined in <xref target="base-crypto" format="default"/> called <tt>DHKEM(Group, KDF)</tt> in the following way, where <tt>Group</tt> denotes the Diffie-Hellman group and <tt>KDF</tt> denotes the KDF. The function parameters <tt>pkR</tt> and <tt>pkS</tt> are deserialized public keys, and <tt>enc</tt> is a serialized public key. Since encapsulated keys are Diffie-Hellman public keys in this KEM algorithm, we use <tt>SerializePublicKey()</tt> and <tt>DeserializePublicKey()</tt> to encode and decode them, respectively. <tt>Npk</tt> equals <tt>Nenc</tt>. <tt>GenerateKeyPair()</tt> produces a key pair for the Diffie-Hellman group in use.
<xref target="derive-key-pair" format="default"/> contains the <tt>DeriveKeyPair()</tt> function specification for DHKEMs defined in this document.</t>
<sourcecode name="" type="pseudocode"><![CDATA[
def ExtractAndExpand(dh, kem_context):
  eae_prk = LabeledExtract("", "eae_prk", dh)
  shared_secret = LabeledExpand(eae_prk, "shared_secret",
                                kem_context, Nsecret)
  return shared_secret

def Encap(pkR):
  skE, pkE = GenerateKeyPair()
  dh = DH(skE, pkR)
  enc = SerializePublicKey(pkE)

  pkRm = SerializePublicKey(pkR)
  kem_context = concat(enc, pkRm)

  shared_secret = ExtractAndExpand(dh, kem_context)
  return shared_secret, enc

def Decap(enc, skR):
  pkE = DeserializePublicKey(enc)
  dh = DH(skR, pkE)

  pkRm = SerializePublicKey(pk(skR))
  kem_context = concat(enc, pkRm)

  shared_secret = ExtractAndExpand(dh, kem_context)
  return shared_secret

def AuthEncap(pkR, skS):
  skE, pkE = GenerateKeyPair()
  dh = concat(DH(skE, pkR), DH(skS, pkR))
  enc = SerializePublicKey(pkE)

  pkRm = SerializePublicKey(pkR)
  pkSm = SerializePublicKey(pk(skS))
  kem_context = concat(enc, pkRm, pkSm)

  shared_secret = ExtractAndExpand(dh, kem_context)
  return shared_secret, enc

def AuthDecap(enc, skR, pkS):
  pkE = DeserializePublicKey(enc)
  dh = concat(DH(skR, pkE), DH(skR, pkS))

  pkRm = SerializePublicKey(pk(skR))
  pkSm = SerializePublicKey(pkS)
  kem_context = concat(enc, pkRm, pkSm)

  shared_secret = ExtractAndExpand(dh, kem_context)
  return shared_secret
]]></sourcecode>
<t>The implicit <tt>suite_id</tt> value used within <tt>LabeledExtract</tt> and <tt>LabeledExpand</tt> is defined as follows, where <tt>kem_id</tt> is defined in <xref target="kem-ids" format="default"/>:</t>
<sourcecode name="" type="pseudocode"><![CDATA[
suite_id = concat("KEM", I2OSP(kem_id, 2))
]]></sourcecode>
<t>The KDF used in DHKEM can be equal to or different from the KDF used in the remainder of HPKE, depending on the chosen variant.
Implementations <bcp14>MUST</bcp14> make sure to use the constants (<tt>Nh</tt>) and function calls (<tt>LabeledExtract</tt> and <tt>LabeledExpand</tt>) of the appropriate KDF when implementing DHKEM. See <xref target="kdf-choice" format="default"/> for a comment on the choice of a KDF for the remainder of HPKE, and <xref target="domain-separation" format="default"/> for the rationale of the labels.</t>
<t>For the variants of DHKEM defined in this document, the size <tt>Nsecret</tt> of the KEM shared secret is equal to the output length of the hash function underlying the KDF. For P-256, P-384, and P-521, the size <tt>Ndh</tt> of the Diffie-Hellman shared secret is equal to 32, 48, and 66, respectively, corresponding to the x-coordinate of the resulting elliptic curve point <xref target="IEEE1363" format="default"/>. For X25519 and X448, the size <tt>Ndh</tt> is equal to 32 and 56, respectively (see <xref target="RFC7748" section="5" sectionFormat="comma" format="default"/>).</t>
<t>It is important to note that the <tt>AuthEncap()</tt> and <tt>AuthDecap()</tt> functions of the DHKEM variants defined in this document are vulnerable to key-compromise impersonation (KCI). This means the assurance that the KEM shared secret was generated by the holder of the private key <tt>skS</tt> does not hold if the recipient private key <tt>skR</tt> is compromised. See <xref target="sec-properties" format="default"/> for more details.</t>
<t>Senders and recipients <bcp14>MUST</bcp14> validate KEM inputs and outputs as described in <xref target="kem-ids" format="default"/>.</t>
</section>
</section>
<section anchor="hpke" numbered="true" toc="default">
<name>Hybrid Public Key Encryption</name>
<t>In this section, we define a few HPKE variants.
All variants take a recipient public key and a sequence of plaintexts <tt>pt</tt> and produce an encapsulated key <tt>enc</tt> and a sequence of ciphertexts <tt>ct</tt>. These outputs are constructed so that only the holder of <tt>skR</tt> can decapsulate the key from <tt>enc</tt> and decrypt the ciphertexts. All the algorithms also take an <tt>info</tt> parameter that can be used to influence the generation of keys (e.g., to fold in identity information) and an <tt>aad</tt> parameter that provides additional authenticated data to the AEAD algorithm in use.</t>
<t>In addition to the base case of encrypting to a public key, we include three authenticated variants: one that authenticates possession of a pre-shared key, one that authenticates possession of a KEM private key, and one that authenticates possession of both a pre-shared key and a KEM private key. All authenticated variants contribute additional keying material to the encryption operation.
The following one-byte values will be used to distinguish between modes:</t> <table anchor="hpke-modes" align="center"> <name>HPKE Modes</name> <thead> <tr> <th align="left">Mode</th> <th align="left">Value</th> </tr> </thead> <tbody> <tr> <td align="left">mode_base</td> <td align="left">0x00</td> </tr> <tr> <td align="left">mode_psk</td> <td align="left">0x01</td> </tr> <tr> <td align="left">mode_auth</td> <td align="left">0x02</td> </tr> <tr> <td align="left">mode_auth_psk</td> <td align="left">0x03</td> </tr> </tbody> </table> <t>All these cases follow the same basic two-step pattern:</t> <ol spacing="normal" type="1"> <li>Set up an encryption context that is shared between the sender and the recipient.</li> <li>Use that context to encrypt or decrypt content.</li> </ol> <t>A <em>context</em> is an implementation-specific structure that encodes the AEAD algorithm and key in use, and manages the nonces used so that the same nonce is not used with multiple plaintexts. It also has an interface for exporting secret values, as described in <xref target="hpke-export" format="default"/>. See <xref target="hpke-dem" format="default"/> for a description of this structure and its interfaces. HPKE decryption fails when the underlying AEAD decryption fails.</t> <t>The constructions described here presume that the relevant non-private parameters (<tt>enc</tt>, <tt>psk_id</tt>, etc.) are transported between the sender and the recipient by some application making use of HPKE. Moreover, a recipient with more than one public key needs some way of determining which of its public keys was used for the encapsulation operation. As an example, applications may send this information alongside a ciphertext from the sender to the recipient. Specification of such a mechanism is left to the application. See <xref target="message-encoding" format="default"/> for more details.</t> <t>Note that some KEMs may not support <tt>AuthEncap()</tt> or <tt>AuthDecap()</tt>. 
For such KEMs, only <tt>mode_base</tt> or <tt>mode_psk</tt> are supported. Future specifications which define new KEMs <bcp14>MUST</bcp14> indicate whether these modes are supported. See <xref target="future-kems" format="default"/> for more details.</t>
<t>The procedures described in this section are laid out in a Python-like pseudocode. The algorithms in use are left implicit.</t>
<section anchor="encryption-context" numbered="true" toc="default">
<name>Creating the Encryption Context</name>
<t>The variants of HPKE defined in this document share a common key schedule that translates the protocol inputs into an encryption context. The key schedule inputs are as follows:</t>
<ul spacing="normal">
<li><tt>mode</tt>: A one-byte value indicating the HPKE mode, defined in <xref target="hpke-modes" format="default"/>.</li>
<li><tt>shared_secret</tt>: A KEM shared secret generated for this transaction.</li>
<li><tt>info</tt>: Application-supplied information (optional; default value "").</li>
<li><tt>psk</tt>: A pre-shared key (PSK) held by both the sender and the recipient (optional; default value "").</li>
<li><tt>psk_id</tt>: An identifier for the PSK (optional; default value "").</li>
</ul>
<t>Senders and recipients <bcp14>MUST</bcp14> validate KEM inputs and outputs as described in <xref target="kem-ids" format="default"/>.</t>
<t>The <tt>psk</tt> and <tt>psk_id</tt> fields <bcp14>MUST</bcp14> appear together or not at all. That is, if a non-default value is provided for one of them, then the other <bcp14>MUST</bcp14> be set to a non-default value. This requirement is encoded in <tt>VerifyPSKInputs()</tt> below.</t>
<t>The <tt>psk</tt>, <tt>psk_id</tt>, and <tt>info</tt> fields have maximum lengths that depend on the KDF itself, on the definition of <tt>LabeledExtract()</tt>, and on the constant labels used together with them.
See <xref target="kdf-input-length" format="default"/> for precise limits on these lengths.</t>
<t>The <tt>key</tt>, <tt>base_nonce</tt>, and <tt>exporter_secret</tt> computed by the key schedule have the property that they are only known to the holder of the recipient private key, and the entity that used the KEM to generate <tt>shared_secret</tt> and <tt>enc</tt>.</t>
<t>In the Auth and AuthPSK modes, the recipient is assured that the sender held the private key <tt>skS</tt>. This assurance is limited for the DHKEM variants defined in this document because of key-compromise impersonation, as described in Sections <xref target="dhkem" format="counter"/> and <xref target="sec-properties" format="counter"/>. If in the PSK and AuthPSK modes, the <tt>psk</tt> and <tt>psk_id</tt> arguments are provided as required, then the recipient is assured that the sender held the corresponding pre-shared key. See <xref target="sec-properties" format="default"/> for more details.</t>
<t>The HPKE algorithm identifiers, i.e., the KEM <tt>kem_id</tt>, KDF <tt>kdf_id</tt>, and AEAD <tt>aead_id</tt> 2-byte code points, as defined in Tables <xref target="kemid-values" format="counter"/>, <xref target="kdfid-values" format="counter"/>, and <xref target="aeadid-values" format="counter"/>, respectively, are assumed implicit from the implementation and not passed as parameters.
The implicit <tt>suite_id</tt> value used within <tt>LabeledExtract</tt> and <tt>LabeledExpand</tt> is defined based on them as follows:</t>
<sourcecode name="" type="pseudocode"><![CDATA[
suite_id = concat(
  "HPKE",
  I2OSP(kem_id, 2),
  I2OSP(kdf_id, 2),
  I2OSP(aead_id, 2)
)
]]></sourcecode>
<sourcecode name="" type="pseudocode"><![CDATA[
default_psk = ""
default_psk_id = ""

def VerifyPSKInputs(mode, psk, psk_id):
  got_psk = (psk != default_psk)
  got_psk_id = (psk_id != default_psk_id)
  if got_psk != got_psk_id:
    raise Exception("Inconsistent PSK inputs")

  if got_psk and (mode in [mode_base, mode_auth]):
    raise Exception("PSK input provided when not needed")
  if (not got_psk) and (mode in [mode_psk, mode_auth_psk]):
    raise Exception("Missing required PSK input")

def KeySchedule<ROLE>(mode, shared_secret, info, psk, psk_id):
  VerifyPSKInputs(mode, psk, psk_id)

  psk_id_hash = LabeledExtract("", "psk_id_hash", psk_id)
  info_hash = LabeledExtract("", "info_hash", info)
  key_schedule_context = concat(mode, psk_id_hash, info_hash)

  secret = LabeledExtract(shared_secret, "secret", psk)

  key = LabeledExpand(secret, "key", key_schedule_context, Nk)
  base_nonce = LabeledExpand(secret, "base_nonce",
                             key_schedule_context, Nn)
  exporter_secret = LabeledExpand(secret, "exp",
                                  key_schedule_context, Nh)

  return Context<ROLE>(key, base_nonce, 0, exporter_secret)
]]></sourcecode>
<t>The <tt>ROLE</tt> template parameter is either S or R, depending on the role of sender or recipient, respectively.
See <xref target="hpke-dem" format="default"/> for a discussion of the key schedule output, including the role-specific <tt>Context</tt> structure and its API.</t>
<t>Note that the <tt>key_schedule_context</tt> construction in <tt>KeySchedule()</tt> is equivalent to serializing a structure of the following form in the TLS presentation syntax:</t>
<sourcecode name="" type="pseudocode"><![CDATA[
struct {
    uint8 mode;
    opaque psk_id_hash[Nh];
    opaque info_hash[Nh];
} KeyScheduleContext;
]]></sourcecode>
<section anchor="hpke-kem" numbered="true" toc="default">
<name>Encryption to a Public Key</name>
<t>The most basic function of an HPKE scheme is to enable encryption to the holder of a given KEM private key. The <tt>SetupBaseS()</tt> and <tt>SetupBaseR()</tt> procedures establish contexts that can be used to encrypt and decrypt, respectively, for a given private key.</t>
<t>The KEM shared secret is combined via the KDF with information describing the key exchange, as well as the explicit <tt>info</tt> parameter provided by the caller.</t>
<t>The parameter <tt>pkR</tt> is a public key, and <tt>enc</tt> is an encapsulated KEM shared secret.</t>
<sourcecode name="" type=""><![CDATA[
def SetupBaseS(pkR, info):
  shared_secret, enc = Encap(pkR)
  return enc, KeyScheduleS(mode_base, shared_secret, info,
                           default_psk, default_psk_id)

def SetupBaseR(enc, skR, info):
  shared_secret = Decap(enc, skR)
  return KeyScheduleR(mode_base, shared_secret, info,
                      default_psk, default_psk_id)
]]></sourcecode>
</section>
<section anchor="mode-psk" numbered="true" toc="default">
<name>Authentication Using a Pre-Shared Key</name>
<t>This variant extends the base mechanism by allowing the recipient to authenticate that the sender possessed a given PSK.
The PSK also improves confidentiality guarantees in certain adversary models, as described in more detail in <xref target="sec-properties" format="default"/>. We assume that both parties have been provisioned with both the PSK value <tt>psk</tt> and another byte string <tt>psk_id</tt> that is used to identify which PSK should be used.</t>
<t>The primary difference from the base case is that the <tt>psk</tt> and <tt>psk_id</tt> values are used as <tt>ikm</tt> inputs to the KDF (instead of using the empty string).</t>
<t>The PSK <bcp14>MUST</bcp14> have at least 32 bytes of entropy and <bcp14>SHOULD</bcp14> be of length <tt>Nh</tt> bytes or longer. See <xref target="security-psk" format="default"/> for a more detailed discussion.</t>
<sourcecode name="" type="pseudocode"><![CDATA[
def SetupPSKS(pkR, info, psk, psk_id):
  shared_secret, enc = Encap(pkR)
  return enc, KeyScheduleS(mode_psk, shared_secret, info, psk, psk_id)

def SetupPSKR(enc, skR, info, psk, psk_id):
  shared_secret = Decap(enc, skR)
  return KeyScheduleR(mode_psk, shared_secret, info, psk, psk_id)
]]></sourcecode>
</section>
<section anchor="mode-auth" numbered="true" toc="default">
<name>Authentication Using an Asymmetric Key</name>
<t>This variant extends the base mechanism by allowing the recipient to authenticate that the sender possessed a given KEM private key. This is because <tt>AuthDecap(enc, skR, pkS)</tt> produces the correct KEM shared secret only if the encapsulated value <tt>enc</tt> was produced by <tt>AuthEncap(pkR, skS)</tt>, where <tt>skS</tt> is the private key corresponding to <tt>pkS</tt>.
In other words, at most two entities (precisely two, in the case of DHKEM) could have produced this secret, so if the recipient is at most one, then the sender is the other with overwhelming probability.</t>
<t>The primary difference from the base case is that the calls to <tt>Encap()</tt> and <tt>Decap()</tt> are replaced with calls to <tt>AuthEncap()</tt> and <tt>AuthDecap()</tt>, which add the sender public key to their internal context string. The function parameters <tt>pkR</tt> and <tt>pkS</tt> are public keys, and <tt>enc</tt> is an encapsulated KEM shared secret.</t>
<t>Obviously, this variant can only be used with a KEM that provides <tt>AuthEncap()</tt> and <tt>AuthDecap()</tt> procedures.</t>
<t>This mechanism authenticates only the key pair of the sender, not any other identifier. If an application wishes to bind HPKE ciphertexts or exported secrets to another identity for the sender (e.g., an email address or domain name), then this identifier should be included in the <tt>info</tt> parameter to avoid identity misbinding issues <xref target="IMB" format="default"/>.</t>
<sourcecode name="" type="pseudocode"><![CDATA[
def SetupAuthS(pkR, info, skS):
  shared_secret, enc = AuthEncap(pkR, skS)
  return enc, KeyScheduleS(mode_auth, shared_secret, info,
                           default_psk, default_psk_id)

def SetupAuthR(enc, skR, info, pkS):
  shared_secret = AuthDecap(enc, skR, pkS)
  return KeyScheduleR(mode_auth, shared_secret, info,
                      default_psk, default_psk_id)
]]></sourcecode>
</section>
<section anchor="mode-auth-psk" numbered="true" toc="default">
<name>Authentication Using Both a PSK and an Asymmetric Key</name>
<t>This mode is a straightforward combination of the PSK and authenticated modes. Like the PSK mode, a PSK is provided as input to the key schedule, and like the authenticated mode, authenticated KEM variants are used.</t>
<sourcecode name="" type="pseudocode"><![CDATA[
def SetupAuthPSKS(pkR, info, psk, psk_id, skS):
  shared_secret, enc = AuthEncap(pkR, skS)
  return enc, KeyScheduleS(mode_auth_psk, shared_secret, info,
                           psk, psk_id)

def SetupAuthPSKR(enc, skR, info, psk, psk_id, pkS):
  shared_secret = AuthDecap(enc, skR, pkS)
  return KeyScheduleR(mode_auth_psk, shared_secret, info,
                      psk, psk_id)
]]></sourcecode>
<t>The PSK <bcp14>MUST</bcp14> have at least 32 bytes of entropy and <bcp14>SHOULD</bcp14> be of length <tt>Nh</tt> bytes or longer. See <xref target="security-psk" format="default"/> for a more detailed discussion.</t>
</section>
</section>
<section anchor="hpke-dem" numbered="true" toc="default">
<name>Encryption and Decryption</name>
<t>HPKE allows multiple encryption operations to be done based on a given setup transaction. Since the public key operations involved in setup are typically more expensive than symmetric encryption or decryption, this allows applications to amortize the cost of the public key operations, reducing the overall overhead.</t>
<t>In order to avoid nonce reuse, however, this encryption must be stateful. Each of the setup procedures above produces a role-specific context object that stores the AEAD and secret export parameters. The AEAD parameters consist of:</t>
<ul spacing="normal">
<li>The AEAD algorithm in use</li>
<li>A secret <tt>key</tt></li>
<li>A base nonce <tt>base_nonce</tt></li>
<li>A sequence number (initially 0)</li>
</ul>
<t>The secret export parameters consist of:</t>
<ul spacing="normal">
<li>The HPKE ciphersuite in use and</li>
<li>An <tt>exporter_secret</tt> used for the secret export interface (see <xref target="hpke-export" format="default"/>)</li>
</ul>
<t>All these parameters except the AEAD sequence number are constant.
The sequence number provides nonce uniqueness: The nonce used for each encryption or decryption operation is the result of XORing <tt>base_nonce</tt> with the current sequence number, encoded as a big-endian integer of the same length as <tt>base_nonce</tt>. Implementations <bcp14>MAY</bcp14> use a sequence number that is shorter than the nonce length (padding on the left with zero), but <bcp14>MUST</bcp14> raise an error if the sequence number overflows. The AEAD algorithm produces ciphertext that is Nt bytes longer than the plaintext. Nt = 16 for AEAD algorithms defined in this document.</t>
<t>Encryption is unidirectional from sender to recipient. The sender's context can encrypt a plaintext <tt>pt</tt> with associated data <tt>aad</tt> as follows:</t>
<sourcecode name="" type="pseudocode"><![CDATA[
def ContextS.Seal(aad, pt):
  ct = Seal(self.key, self.ComputeNonce(self.seq), aad, pt)
  self.IncrementSeq()
  return ct
]]></sourcecode>
<t>The recipient's context can decrypt a ciphertext <tt>ct</tt> with associated data <tt>aad</tt> as follows:</t>
<sourcecode name="" type="pseudocode"><![CDATA[
def ContextR.Open(aad, ct):
  pt = Open(self.key, self.ComputeNonce(self.seq), aad, ct)
  if pt == OpenError:
    raise OpenError
  self.IncrementSeq()
  return pt
]]></sourcecode>
<t>Each encryption or decryption operation increments the sequence number for the context in use. The per-message nonce and sequence number increment details are as follows:</t>
<sourcecode name="" type="pseudocode"><![CDATA[
def Context<ROLE>.ComputeNonce(seq):
  seq_bytes = I2OSP(seq, Nn)
  return xor(self.base_nonce, seq_bytes)

def Context<ROLE>.IncrementSeq():
  if self.seq >= (1 << (8*Nn)) - 1:
    raise MessageLimitReachedError
  self.seq += 1
]]></sourcecode>
<t>The sender's context <bcp14>MUST NOT</bcp14> be used for decryption.
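The nonce and sequence rules above, worked through as an added example that is not part of this document's own pseudocode: it shows a skipped ciphertext failing to open without advancing the recipient's sequence number, and the overflow check firing. The AEAD here is an HMAC-SHA256 stand-in (an assumption, used only so the example runs with the standard library, not one of the AEADs listed in this document); the key, <tt>base_nonce</tt>, and all Python names are constructed for illustration.

```python
import hashlib
import hmac

NN = 12   # nonce length Nn of the AEADs defined in this document
NT = 16   # tag length Nt


class OpenError(Exception):
    """AEAD authentication failure."""


class MessageLimitReachedError(Exception):
    """Sequence number would overflow."""


def _stream(key, nonce, length):
    # Stand-in keystream (assumption): HMAC-SHA256 in counter mode.
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + block.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]


def _tag(key, nonce, aad, ct):
    msg = b"tag" + nonce + len(aad).to_bytes(8, "big") + aad + ct
    return hmac.new(key, msg, hashlib.sha256).digest()[:NT]


def toy_seal(key, nonce, aad, pt):
    ct = bytes(p ^ s for p, s in zip(pt, _stream(key, nonce, len(pt))))
    return ct + _tag(key, nonce, aad, ct)


def toy_open(key, nonce, aad, ct_and_tag):
    ct, tag = ct_and_tag[:-NT], ct_and_tag[-NT:]
    if not hmac.compare_digest(tag, _tag(key, nonce, aad, ct)):
        raise OpenError("authentication failed")
    return bytes(c ^ s for c, s in zip(ct, _stream(key, nonce, len(ct))))


class Context:
    """Nonce and sequence logic shared by both roles (Context<ROLE>)."""

    def __init__(self, key, base_nonce, seq=0):
        if len(base_nonce) != NN:
            raise ValueError("base_nonce must be Nn bytes")
        self.key, self.base_nonce, self.seq = key, base_nonce, seq

    def compute_nonce(self, seq):
        seq_bytes = seq.to_bytes(NN, "big")              # I2OSP(seq, Nn)
        return bytes(a ^ b for a, b in zip(self.base_nonce, seq_bytes))

    def increment_seq(self):
        if self.seq >= (1 << (8 * NN)) - 1:
            raise MessageLimitReachedError
        self.seq += 1


class ContextS(Context):
    def seal(self, aad, pt):
        ct = toy_seal(self.key, self.compute_nonce(self.seq), aad, pt)
        self.increment_seq()
        return ct


class ContextR(Context):
    def open(self, aad, ct):
        pt = toy_open(self.key, self.compute_nonce(self.seq), aad, ct)
        self.increment_seq()      # reached only when authentication succeeded
        return pt


def demo():
    key = bytes(range(32))                                   # constructed key
    base_nonce = bytes.fromhex("00112233445566778899aabb")   # constructed
    sender, recipient = ContextS(key, base_nonce), ContextR(key, base_nonce)
    c0, c1, c2 = [sender.seal(b"hdr", m) for m in (b"first", b"second", b"third")]
    out = {"in_order": recipient.open(b"hdr", c0)}
    try:                  # c1 is delayed: c2 used seq 2, the recipient is at seq 1
        recipient.open(b"hdr", c2)
        out["skipped"] = "accepted"
    except OpenError:
        out["skipped"] = "OpenError"
    out["seq_after_failure"] = recipient.seq
    out["late_c1"] = recipient.open(b"hdr", c1)
    exhausted = ContextS(key, base_nonce, seq=(1 << (8 * NN)) - 1)
    try:
        exhausted.seal(b"hdr", b"x")
        out["overflow"] = "sealed"
    except MessageLimitReachedError:
        out["overflow"] = "MessageLimitReachedError"
    return out
```

Because a failed open leaves the sequence number unchanged, the delayed ciphertext still opens afterwards; restoring the order is the application's job.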
Similarly, the recipient's context <bcp14>MUST NOT</bcp14> be used for encryption. Higher-level protocols reusing the HPKE key exchange for more general purposes can derive separate keying material as needed using the secret export interface; see Sections <xref target="hpke-export" format="counter"/> and <xref target="bidirectional" format="counter"/> for more details.</t>
<t>It is up to the application to ensure that encryptions and decryptions are done in the proper sequence, so that encryption and decryption nonces align. If <tt>ContextS.Seal()</tt> or <tt>ContextR.Open()</tt> would cause the <tt>seq</tt> field to overflow, then the implementation <bcp14>MUST</bcp14> fail with an error. (In the pseudocode below, <tt>Context&lt;ROLE&gt;.IncrementSeq()</tt> fails with an error when <tt>seq</tt> overflows, which causes <tt>ContextS.Seal()</tt> and <tt>ContextR.Open()</tt> to fail accordingly.) Note that the internal <tt>Seal()</tt> and <tt>Open()</tt> calls inside correspond to the context's AEAD algorithm.</t>
</section>
<section anchor="hpke-export" numbered="true" toc="default">
<name>Secret Export</name>
<t>HPKE provides an interface for exporting secrets from the encryption context using a variable-length pseudorandom function (PRF), similar to the TLS 1.3 exporter interface (see <xref target="RFC8446" section="7.5" sectionFormat="comma" format="default"/>). This interface takes as input a context string <tt>exporter_context</tt> and a desired length <tt>L</tt> in bytes, and produces a secret derived from the internal exporter secret using the corresponding KDF Expand function. For the KDFs defined in this specification, <tt>L</tt> has a maximum value of <tt>255*Nh</tt>.
Future specifications that define new KDFs <bcp14>MUST</bcp14> specify a bound for <tt>L</tt>.</t>
<t>The <tt>exporter_context</tt> field has a maximum length that depends on the KDF itself, on the definition of <tt>LabeledExpand()</tt>, and on the constant labels used together with them. See <xref target="kdf-input-length" format="default"/> for precise limits on this length.</t>
<sourcecode name="" type="pseudocode"><![CDATA[
def Context.Export(exporter_context, L):
  return LabeledExpand(self.exporter_secret, "sec",
                       exporter_context, L)
]]></sourcecode>
<t>Applications that do not use the encryption API in <xref target="hpke-dem" format="default"/> can use the export-only AEAD ID <tt>0xFFFF</tt> when computing the key schedule. Such applications can avoid computing the <tt>key</tt> and <tt>base_nonce</tt> values in the key schedule, as they are not used by the Export interface described above.</t>
</section>
</section>
<section anchor="single-shot-apis" numbered="true" toc="default">
<name>Single-Shot APIs</name>
<section anchor="single-shot-encryption" numbered="true" toc="default">
<name>Encryption and Decryption</name>
<t>In many cases, applications encrypt only a single message to a recipient's public key. This section provides templates for HPKE APIs that implement stateless "single-shot" encryption and decryption using APIs specified in Sections <xref target="hpke-kem" format="counter"/> and <xref target="hpke-dem" format="counter"/>:</t>
<sourcecode name="" type="pseudocode"><![CDATA[
def Seal<MODE>(pkR, info, aad, pt, ...):
  enc, ctx = Setup<MODE>S(pkR, info, ...)
  ct = ctx.Seal(aad, pt)
  return enc, ct

def Open<MODE>(enc, skR, info, aad, ct, ...):
  ctx = Setup<MODE>R(enc, skR, info, ...)
  return ctx.Open(aad, ct)
]]></sourcecode>
<t>The <tt>MODE</tt> template parameter is one of Base, PSK, Auth, or AuthPSK. The optional parameters indicated by "..." depend on <tt>MODE</tt> and may be empty. For example, <tt>SetupBase()</tt> has no additional parameters. <tt>SealAuthPSK()</tt> and <tt>OpenAuthPSK()</tt> would be implemented as follows:</t>
<sourcecode name="" type="pseudocode"><![CDATA[
def SealAuthPSK(pkR, info, aad, pt, psk, psk_id, skS):
  enc, ctx = SetupAuthPSKS(pkR, info, psk, psk_id, skS)
  ct = ctx.Seal(aad, pt)
  return enc, ct

def OpenAuthPSK(enc, skR, info, aad, ct, psk, psk_id, pkS):
  ctx = SetupAuthPSKR(enc, skR, info, psk, psk_id, pkS)
  return ctx.Open(aad, ct)
]]></sourcecode>
</section>
<section anchor="secret-export" numbered="true" toc="default">
<name>Secret Export</name>
<t>Applications may also want to derive a secret known only to a given recipient. This section provides templates for HPKE APIs that implement stateless "single-shot" secret export using APIs specified in <xref target="hpke-export" format="default"/>:</t>
<sourcecode name="" type="pseudocode"><![CDATA[
def SendExport<MODE>(pkR, info, exporter_context, L, ...):
  enc, ctx = Setup<MODE>S(pkR, info, ...)
  exported = ctx.Export(exporter_context, L)
  return enc, exported

def ReceiveExport<MODE>(enc, skR, info, exporter_context, L, ...):
  ctx = Setup<MODE>R(enc, skR, info, ...)
  return ctx.Export(exporter_context, L)
]]></sourcecode>
<t>As in <xref target="single-shot-encryption" format="default"/>, the <tt>MODE</tt> template parameter is one of Base, PSK, Auth, or AuthPSK. The optional parameters indicated by "..."
depend on <tt>MODE</tt> and may be empty.</t>
</section>
</section>
<section anchor="ciphersuites" numbered="true" toc="default">
<name>Algorithm Identifiers</name>
<t>This section lists algorithm identifiers suitable for different HPKE configurations. Future specifications may introduce new KEM, KDF, and AEAD algorithm identifiers and retain the security guarantees presented in this document provided they adhere to the security requirements in Sections <xref target="kem-security" format="counter"/>, <xref target="kdf-choice" format="counter"/>, and <xref target="aead-security" format="counter"/>, respectively.</t>
<section anchor="kem-ids" numbered="true" toc="default">
<name>Key Encapsulation Mechanisms (KEMs)</name>
<table anchor="kemid-values" align="center">
<name>KEM IDs</name>
<thead>
<tr> <th align="left">Value</th> <th align="left">KEM</th> <th align="left">Nsecret</th> <th align="left">Nenc</th> <th align="left">Npk</th> <th align="left">Nsk</th> <th align="left">Auth</th> <th align="left">Reference</th> </tr>
</thead>
<tbody>
<tr> <td align="left">0x0000</td> <td align="left">Reserved</td> <td align="left">N/A</td> <td align="left">N/A</td> <td align="left">N/A</td> <td align="left">N/A</td> <td align="left">yes</td> <td align="left">RFC 9180</td> </tr>
<tr> <td align="left">0x0010</td> <td align="left">DHKEM(P-256, HKDF-SHA256)</td> <td align="left">32</td> <td align="left">65</td> <td align="left">65</td> <td align="left">32</td> <td align="left">yes</td> <td align="left"> <xref target="NISTCurves" format="default"/>, <xref target="RFC5869" format="default"/></td> </tr>
<tr> <td align="left">0x0011</td> <td align="left">DHKEM(P-384, HKDF-SHA384)</td> <td align="left">48</td> <td align="left">97</td> <td align="left">97</td> <td align="left">48</td> <td align="left">yes</td> <td align="left"> <xref target="NISTCurves" format="default"/>, <xref target="RFC5869" format="default"/></td> </tr>
<tr> <td align="left">0x0012</td> <td align="left">DHKEM(P-521, HKDF-SHA512)</td> <td align="left">64</td> <td align="left">133</td> <td align="left">133</td> <td align="left">66</td> <td align="left">yes</td> <td align="left"> <xref target="NISTCurves" format="default"/>, <xref target="RFC5869" format="default"/></td> </tr>
<tr> <td align="left">0x0020</td> <td align="left">DHKEM(X25519, HKDF-SHA256)</td> <td align="left">32</td> <td align="left">32</td> <td align="left">32</td> <td align="left">32</td> <td align="left">yes</td> <td align="left"> <xref target="RFC5869" format="default"/>, <xref target="RFC7748" format="default"/></td> </tr>
<tr> <td align="left">0x0021</td> <td align="left">DHKEM(X448, HKDF-SHA512)</td> <td align="left">64</td> <td align="left">56</td> <td align="left">56</td> <td align="left">56</td> <td align="left">yes</td> <td align="left"> <xref target="RFC5869" format="default"/>, <xref target="RFC7748" format="default"/></td> </tr>
</tbody>
</table>
<t>The <tt>Auth</tt> column indicates if the KEM algorithm provides the <tt>AuthEncap()</tt>/<tt>AuthDecap()</tt> interface and is therefore suitable for the Auth and AuthPSK modes. The meaning of all other columns is explained in <xref target="kem-template" format="default"/>. All algorithms are suitable for the PSK mode.</t>
<section anchor="serializepublickey-and-deserializepublickey" numbered="true" toc="default">
<name>SerializePublicKey and DeserializePublicKey</name>
<t>For P-256, P-384, and P-521, the <tt>SerializePublicKey()</tt> function of the KEM performs the uncompressed Elliptic-Curve-Point-to-Octet-String conversion according to <xref target="SECG" format="default"/>. <tt>DeserializePublicKey()</tt> performs the uncompressed Octet-String-to-Elliptic-Curve-Point conversion.</t>
<t>For X25519 and X448, the <tt>SerializePublicKey()</tt> and <tt>DeserializePublicKey()</tt> functions are the identity function, since these curves already use fixed-length byte strings for public keys.</t>
<t>Some deserialized public keys <bcp14>MUST</bcp14> be validated before they can be used. See <xref target="validation" format="default"/> for specifics.</t>
</section>
<section anchor="serializeprivatekey" numbered="true" toc="default">
<name>SerializePrivateKey and DeserializePrivateKey</name>
<t>As per <xref target="SECG" format="default"/>, P-256, P-384, and P-521 private keys are field elements in the scalar field of the curve being used. For this section, and for <xref target="derive-key-pair" format="default"/>, it is assumed that implementors of ECDH over these curves use an integer representation of private keys that is compatible with the <tt>OS2IP()</tt> function.</t>
<t>For P-256, P-384, and P-521, the <tt>SerializePrivateKey()</tt> function of the KEM performs the Field-Element-to-Octet-String conversion according to <xref target="SECG" format="default"/>. If the private key is an integer outside the range <tt>[0, order-1]</tt>, where <tt>order</tt> is the order of the curve being used, the private key <bcp14>MUST</bcp14> be reduced to its representative in <tt>[0, order-1]</tt> before being serialized. <tt>DeserializePrivateKey()</tt> performs the Octet-String-to-Field-Element conversion according to <xref target="SECG" format="default"/>.</t>
<t>For X25519 and X448, private keys are identical to their byte string representation, so little processing has to be done.
The <tt>SerializePrivateKey()</tt> function <bcp14>MUST</bcp14> clamp its output and the <tt>DeserializePrivateKey()</tt> function <bcp14>MUST</bcp14> clamp its input, where <em>clamping</em> refers to the bitwise operations performed on <tt>k</tt> in the <tt>decodeScalar25519()</tt> and <tt>decodeScalar448()</tt> functions defined in <xref target="RFC7748" section="5" sectionFormat="of" format="default"/>.</t>
<t>To catch invalid keys early on, implementors of DHKEMs <bcp14>SHOULD</bcp14> check that deserialized private keys are not equivalent to 0 (mod <tt>order</tt>), where <tt>order</tt> is the order of the DH group. Note that this property is trivially true for X25519 and X448 groups, since clamped values can never be 0 (mod <tt>order</tt>).</t>
</section>
<section anchor="derive-key-pair" numbered="true" toc="default">
<name>DeriveKeyPair</name>
<t>The keys that <tt>DeriveKeyPair()</tt> produces have only as much entropy as the provided input keying material.
For a given KEM, the <tt>ikm</tt> parameter given to <tt>DeriveKeyPair()</tt> <bcp14>SHOULD</bcp14> have length at least <tt>Nsk</tt>, and <bcp14>SHOULD</bcp14> have at least <tt>Nsk</tt> bytes of entropy.</t>
<t>All invocations of KDF functions (such as <tt>LabeledExtract</tt> or <tt>LabeledExpand</tt>) in any DHKEM's <tt>DeriveKeyPair()</tt> function use the DHKEM's associated KDF (as opposed to the ciphersuite's KDF).</t>
<t>For P-256, P-384, and P-521, the <tt>DeriveKeyPair()</tt> function of the KEM performs rejection sampling over field elements:</t>
<sourcecode name="" type="pseudocode"><![CDATA[
def DeriveKeyPair(ikm):
  dkp_prk = LabeledExtract("", "dkp_prk", ikm)
  sk = 0
  counter = 0
  while sk == 0 or sk >= order:
    if counter > 255:
      raise DeriveKeyPairError
    bytes = LabeledExpand(dkp_prk, "candidate",
                          I2OSP(counter, 1), Nsk)
    bytes[0] = bytes[0] & bitmask
    sk = OS2IP(bytes)
    counter = counter + 1
  return (sk, pk(sk))
]]></sourcecode>
<t><tt>order</tt> is the order of the curve being used (see Section D.1.2 of <xref target="NISTCurves" format="default"/>), and is listed below for completeness.</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
P-256:
0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551

P-384:
0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf
  581a0db248b0a77aecec196accc52973

P-521:
0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
  fa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409
]]></artwork>
<t><tt>bitmask</tt> is defined to be 0xFF for P-256 and P-384, and 0x01 for P-521. The precise likelihood of <tt>DeriveKeyPair()</tt> failing with DeriveKeyPairError depends on the group being used, but it is negligibly small in all cases.
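The rejection-sampling procedure above, written out for DHKEM(P-256, HKDF-SHA256) as an added example that is not part of this document's own pseudocode. It assumes the <tt>LabeledExtract()</tt> and <tt>LabeledExpand()</tt> constructions with the "HPKE-v1" label and the 5-byte DHKEM <tt>suite_id</tt> ("KEM" followed by the 2-byte KEM ID); the P-256 domain parameters other than <tt>order</tt>, the Python names, and the non-constant-time point arithmetic are supplied here for illustration only.

```python
import hashlib
import hmac

# DHKEM(P-256, HKDF-SHA256): KEM ID 0x0010, Nsk = 32, Npk = 65, bitmask = 0xFF
SUITE_ID = b"KEM" + (0x0010).to_bytes(2, "big")
NSK, NPK, BITMASK = 32, 65, 0xFF
ORDER = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551

# P-256 domain parameters: y^2 = x^3 - 3x + B over GF(P), base point G
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


class DeriveKeyPairError(Exception):
    """No valid scalar found within 256 candidates."""


def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        out += block
        i += 1
    return out[:length]


def labeled_extract(salt, label, ikm):
    return hkdf_extract(salt, b"HPKE-v1" + SUITE_ID + label + ikm)


def labeled_expand(prk, label, info, length):
    labeled_info = length.to_bytes(2, "big") + b"HPKE-v1" + SUITE_ID + label + info
    return hkdf_expand(prk, labeled_info, length)


def point_add(p1, p2):
    # Affine addition; None represents the point at infinity.
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 - 3) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point):
    # Plain double-and-add: not constant time, for illustration only.
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def on_curve(point):
    x, y = point
    return (y * y - (x * x * x - 3 * x + B)) % P == 0


def derive_key_pair(ikm):
    dkp_prk = labeled_extract(b"", b"dkp_prk", ikm)
    sk, counter = 0, 0
    while sk == 0 or sk >= ORDER:
        if counter > 255:
            raise DeriveKeyPairError("no valid candidate in 256 attempts")
        candidate = bytearray(
            labeled_expand(dkp_prk, b"candidate", bytes([counter]), NSK))
        candidate[0] &= BITMASK                  # 0xFF is a no-op for P-256
        sk = int.from_bytes(candidate, "big")    # OS2IP
        counter += 1
    return sk, scalar_mult(sk, G)


def serialize_public_key(pk):
    # Uncompressed Elliptic-Curve-Point-to-Octet-String: 0x04 || X || Y
    return b"\x04" + pk[0].to_bytes(32, "big") + pk[1].to_bytes(32, "big")
```

The derivation is deterministic in <tt>ikm</tt>, so the resulting key is only as unpredictable as the input keying material.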
See <xref target="api-errors" format="default"/> for information about dealing with such failures.</t>
<t>For X25519 and X448, the <tt>DeriveKeyPair()</tt> function applies a KDF to the input:</t>
<sourcecode name="" type="pseudocode"><![CDATA[
def DeriveKeyPair(ikm):
  dkp_prk = LabeledExtract("", "dkp_prk", ikm)
  sk = LabeledExpand(dkp_prk, "sk", "", Nsk)
  return (sk, pk(sk))
]]></sourcecode>
</section>
<section anchor="validation" numbered="true" toc="default">
<name>Validation of Inputs and Outputs</name>
<t>The following public keys are subject to validation if the group requires public key validation: the sender <bcp14>MUST</bcp14> validate the recipient's public key <tt>pkR</tt>; the recipient <bcp14>MUST</bcp14> validate the ephemeral public key <tt>pkE</tt>; in authenticated modes, the recipient <bcp14>MUST</bcp14> validate the sender's static public key <tt>pkS</tt>. Validation failure yields a <tt>ValidationError</tt>.</t>
<t>For P-256, P-384, and P-521, senders and recipients <bcp14>MUST</bcp14> perform partial public key validation on all public key inputs, as defined in Section 5.6.2.3.4 of <xref target="keyagreement" format="default"/>. This includes checking that the coordinates are in the correct range, that the point is on the curve, and that the point is not the point at infinity. Additionally, senders and recipients <bcp14>MUST</bcp14> ensure the Diffie-Hellman shared secret is not the point at infinity.</t>
<t>For X25519 and X448, public keys and Diffie-Hellman outputs <bcp14>MUST</bcp14> be validated as described in <xref target="RFC7748" format="default"/>.
In particular, recipients <bcp14>MUST</bcp14> check whether the Diffie-Hellman shared secret is the all-zero value and abort if so.</t>
</section>
<section anchor="future-kems" numbered="true" toc="default">
<name>Future KEMs</name>
<t><xref target="kem-security" format="default"/> lists security requirements on a KEM used within HPKE.</t>
<t>The <tt>AuthEncap()</tt> and <tt>AuthDecap()</tt> functions are <bcp14>OPTIONAL</bcp14>. If a KEM algorithm does not provide them, only the Base and PSK modes of HPKE are supported. Future specifications that define new KEMs <bcp14>MUST</bcp14> indicate whether or not Auth and AuthPSK modes are supported.</t>
<t>A KEM algorithm may support different encoding algorithms, with different output lengths, for KEM public keys. Such KEM algorithms <bcp14>MUST</bcp14> specify only one encoding algorithm whose output length is <tt>Npk</tt>.</t>
</section>
</section>
<section anchor="kdf-ids" numbered="true" toc="default">
<name>Key Derivation Functions (KDFs)</name>
<table anchor="kdfid-values" align="center">
<name>KDF IDs</name>
<thead>
<tr> <th align="left">Value</th> <th align="left">KDF</th> <th align="left">Nh</th> <th align="left">Reference</th> </tr>
</thead>
<tbody>
<tr> <td align="left">0x0000</td> <td align="left">Reserved</td> <td align="left">N/A</td> <td align="left">RFC 9180</td> </tr>
<tr> <td align="left">0x0001</td> <td align="left">HKDF-SHA256</td> <td align="left">32</td> <td align="left"> <xref target="RFC5869" format="default"/></td> </tr>
<tr> <td align="left">0x0002</td> <td align="left">HKDF-SHA384</td> <td align="left">48</td> <td align="left"> <xref target="RFC5869" format="default"/></td> </tr>
<tr> <td align="left">0x0003</td> <td align="left">HKDF-SHA512</td> <td align="left">64</td> <td align="left"> <xref target="RFC5869" format="default"/></td> </tr>
</tbody>
</table>
<section anchor="kdf-input-length" numbered="true" toc="default">
<name>Input Length Restrictions</name> <t>This document defines <tt>LabeledExtract()</tt> and <tt>LabeledExpand()</tt> based on the KDFs listed above. These functions add prefixes to their respective inputs <tt>ikm</tt> and <tt>info</tt> before calling the KDF's <tt>Extract()</tt> and <tt>Expand()</tt> functions. This leads to a reduction of the maximum input length that is available for the inputs <tt>psk</tt>, <tt>psk_id</tt>, <tt>info</tt>, <tt>exporter_context</tt>, <tt>ikm</tt>, i.e., the variable-length parameters provided by HPKE applications. The following table lists the maximum allowed lengths of these fields for the KDFs defined in this document, as inclusive bounds in bytes:</t> <table anchor="input-limits" align="center"> <name>Application Input Limits</name> <thead> <tr> <th align="left">Input</th> <th align="left">HKDF-SHA256</th> <th align="left">HKDF-SHA384</th> <th align="left">HKDF-SHA512</th> </tr> </thead> <tbody> <tr> <td align="left">psk</td> <td align="left">2^{61} - 88</td> <td align="left">2^{125} - 152</td> <td align="left">2^{125} - 152</td> </tr> <tr> <td align="left">psk_id</td> <td align="left">2^{61} - 93</td> <td align="left">2^{125} - 157</td> <td align="left">2^{125} - 157</td> </tr> <tr> <td align="left">info</td> <td align="left">2^{61} - 91</td> <td align="left">2^{125} - 155</td> <td align="left">2^{125} - 155</td> </tr> <tr> <td align="left">exporter_context</td> <td align="left">2^{61} - 120</td> <td align="left">2^{125} - 200</td> <td align="left">2^{125} - 216</td> </tr> <tr> <td align="left">ikm (DeriveKeyPair)</td> <td align="left">2^{61} - 84</td> <td align="left">2^{125} - 148</td> <td align="left">2^{125} - 148</td> </tr> </tbody> </table> <t>This shows that the limits are only marginally smaller than the maximum input length of the underlying hash function; these limits are large and unlikely to be reached in practical applications. 
Future specifications that define new KDFs <bcp14>MUST</bcp14> specify bounds for these variable-length parameters.</t>
<t>The <bcp14>RECOMMENDED</bcp14> limit for these values is 64 bytes. This would enable interoperability with implementations that statically allocate memory for these inputs to avoid memory allocations.</t>
<t>The values for <tt>psk</tt>, <tt>psk_id</tt>, <tt>info</tt>, and <tt>ikm</tt>, which are inputs to <tt>LabeledExtract()</tt>, were computed with the following expression:</t>
<artwork name="" type="pseudocode" align="left" alt=""><![CDATA[
max_size_hash_input - Nb - size_version_label -
    size_suite_id - size_input_label
]]></artwork>
<t>The value for <tt>exporter_context</tt>, which is an input to <tt>LabeledExpand()</tt>, was computed with the following expression:</t>
<artwork name="" type="pseudocode" align="left" alt=""><![CDATA[
max_size_hash_input - Nb - Nh - size_version_label -
    size_suite_id - size_input_label - 2 - 1
]]></artwork>
<t>In these equations, <tt>max_size_hash_input</tt> is the maximum input length of the underlying hash function in bytes, <tt>Nb</tt> is the block size of the underlying hash function in bytes, <tt>size_version_label</tt> is the size of "HPKE-v1" in bytes and equals 7, <tt>size_suite_id</tt> is the size of the <tt>suite_id</tt> in bytes and equals 5 for DHKEM (relevant for <tt>ikm</tt>) and 10 for the remainder of HPKE (relevant for <tt>psk</tt>, <tt>psk_id</tt>, <tt>info</tt>, and <tt>exporter_context</tt>), and <tt>size_input_label</tt> is the size in bytes of the label used as parameter to <tt>LabeledExtract()</tt> or <tt>LabeledExpand()</tt>, the maximum of which is 13 across all labels in this document.</t>
</section>
</section>
<section anchor="aead-ids" numbered="true" toc="default">
<name>Authenticated Encryption with Associated Data (AEAD) Functions</name>
<table anchor="aeadid-values" align="center">
<name>AEAD IDs</name>
<thead>
<tr> <th align="left">Value</th> <th align="left">AEAD</th> <th align="left">Nk</th> <th align="left">Nn</th> <th align="left">Nt</th> <th align="left">Reference</th> </tr>
</thead>
<tbody>
<tr> <td align="left">0x0000</td> <td align="left">Reserved</td> <td align="left">N/A</td> <td align="left">N/A</td> <td align="left">N/A</td> <td align="left">RFC 9180</td> </tr>
<tr> <td align="left">0x0001</td> <td align="left">AES-128-GCM</td> <td align="left">16</td> <td align="left">12</td> <td align="left">16</td> <td align="left"> <xref target="GCM" format="default"/></td> </tr>
<tr> <td align="left">0x0002</td> <td align="left">AES-256-GCM</td> <td align="left">32</td> <td align="left">12</td> <td align="left">16</td> <td align="left"> <xref target="GCM" format="default"/></td> </tr>
<tr> <td align="left">0x0003</td> <td align="left">ChaCha20Poly1305</td> <td align="left">32</td> <td align="left">12</td> <td align="left">16</td> <td align="left"> <xref target="RFC8439" format="default"/></td> </tr>
<tr> <td align="left">0xFFFF</td> <td align="left">Export-only</td> <td align="left">N/A</td> <td align="left">N/A</td> <td align="left">N/A</td> <td align="left">RFC 9180</td> </tr>
</tbody>
</table>
<t>The <tt>0xFFFF</tt> AEAD ID is reserved for applications that only use the Export interface; see <xref target="hpke-export" format="default"/> for more details.</t>
</section>
</section>
<section anchor="api-considerations" numbered="true" toc="default">
<name>API Considerations</name>
<t>This section documents considerations for interfaces to implementations of HPKE.
This includes error handling considerations and recommendations that improve interoperability when HPKE is used in applications.</t> <section anchor="auxiliary-authenticated-application-information" numbered="true" toc="default"> <name>Auxiliary Authenticated Application Information</name> <t>HPKE has two places at which applications can specify auxiliary authenticated information: (1) during context construction via the Setup <tt>info</tt> parameter, and (2) during Context operations, i.e., with the <tt>aad</tt> parameter for <tt>Open()</tt> and <tt>Seal()</tt>, and the <tt>exporter_context</tt> parameter for <tt>Export()</tt>. Application information applicable to multiple operations on a single Context should use the Setup <tt>info</tt> parameter. This avoids redundantly processing this information for each Context operation. In contrast, application information that varies on a per-message basis should be specified via the Context APIs (<tt>Seal()</tt>, <tt>Open()</tt>, or <tt>Export()</tt>).</t> <t>Applications that only use the single-shot APIs described in <xref target="single-shot-apis" format="default"/> should use the Setup <tt>info</tt> parameter for specifying auxiliary authenticated information. Implementations which only expose single-shot APIs should not allow applications to use both Setup <tt>info</tt> and Context <tt>aad</tt> or <tt>exporter_context</tt> auxiliary information parameters.</t> </section> <section anchor="api-errors" numbered="true" toc="default"> <name>Errors</name> <t>The high-level, public HPKE APIs specified in this document are all fallible. These include the Setup functions and all encryption context functions. For example, <tt>Decap()</tt> can fail if the encapsulated key <tt>enc</tt> is invalid, and <tt>Open()</tt> may fail if ciphertext decryption fails. 
The explicit errors generated throughout this specification, along with the conditions that lead to each error, are as follows:</t>
<ul spacing="normal">
<li><tt>ValidationError</tt>: KEM input or output validation failure; <xref target="dhkem" format="default"/>.</li>
<li><tt>DeserializeError</tt>: Public or private key deserialization failure; <xref target="base-crypto" format="default"/>.</li>
<li><tt>EncapError</tt>: <tt>Encap()</tt> failure; <xref target="base-crypto" format="default"/>.</li>
<li><tt>DecapError</tt>: <tt>Decap()</tt> failure; <xref target="base-crypto" format="default"/>.</li>
<li><tt>OpenError</tt>: Context AEAD <tt>Open()</tt> failure; Sections <xref target="base-crypto" format="counter"/> and <xref target="hpke-dem" format="counter"/>.</li>
<li><tt>MessageLimitReachedError</tt>: Context AEAD sequence number overflow; Sections <xref target="base-crypto" format="counter"/> and <xref target="hpke-dem" format="counter"/>.</li>
<li><tt>DeriveKeyPairError</tt>: Key pair derivation failure; <xref target="derive-key-pair" format="default"/>.</li>
</ul>
<t>Implicit errors may also occur. As an example, certain classes of failures, e.g., malformed recipient public keys, may not yield explicit errors. For example, for the DHKEM variant described in this specification, the <tt>Encap()</tt> algorithm fails when given an invalid recipient public key. However, other KEM algorithms may not have an efficient algorithm for verifying the validity of public keys. As a result, an equivalent error may not manifest until AEAD decryption at the recipient. As another example, DHKEM's <tt>AuthDecap()</tt> function will produce invalid output if given the wrong sender public key.
This error is not detectable until subsequent AEAD decryption.</t> <t>The errors in this document are meant as a guide for implementors. They are not an exhaustive list of all the errors an implementation might emit. For example, future KEMs might have internal failure cases, or an implementation might run out of memory.</t> <t>How these errors are expressed in an API or handled by applications is an implementation-specific detail. For example, some implementations may abort or panic upon a <tt>DeriveKeyPairError</tt> failure given that it only occurs with negligible probability, whereas other implementations may retry the failed DeriveKeyPair operation. See <xref target="derive-key-pair" format="default"/> for more information. As another example, some implementations of the DHKEM specified in this document may choose to transform <tt>ValidationError</tt> from <tt>DH()</tt> into an <tt>EncapError</tt> or <tt>DecapError</tt> from <tt>Encap()</tt> or <tt>Decap()</tt>, respectively, whereas others may choose to raise <tt>ValidationError</tt> unmodified.</t> <t>Applications using HPKE APIs should not assume that the errors here are complete, nor should they assume certain classes of errors will always manifest the same way for all ciphersuites. For example, the DHKEM specified in this document will emit a <tt>DeserializationError</tt> or <tt>ValidationError</tt> if a KEM public key is invalid. However, a new KEM might not have an efficient algorithm for determining whether or not a public key is valid. 
In this case, an invalid public key might instead yield an <tt>OpenError</tt> when trying to decrypt a ciphertext.</t> </section> </section> <section anchor="sec-considerations" numbered="true" toc="default"> <name>Security Considerations</name> <section anchor="sec-properties" numbered="true" toc="default"> <name>Security Properties</name> <t>HPKE has several security goals, depending on the mode of operation, against active and adaptive attackers that can compromise partial secrets of senders and recipients. The desired security goals are detailed below:</t> <ul spacing="normal"> <li>Message secrecy: Confidentiality of the sender's messages against chosen ciphertext attacks</li> <li>Export key secrecy: Indistinguishability of each export secret from a uniformly random bitstring of equal length, i.e., <tt>Context.Export</tt> is a variable-length PRF</li> <li>Sender authentication: Proof of sender origin for PSK, Auth, and AuthPSK modes</li> </ul> <t>These security goals are expected to hold for any honest sender and honest recipient keys, as well as if the honest sender and honest recipient keys are the same.</t> <t>HPKE mitigates malleability problems (called benign malleability <xref target="SECG" format="default"/>) in prior public key encryption standards based on ECIES by including all public keys in the context of the key schedule.</t> <t>HPKE does not provide forward secrecy with respect to recipient compromise. In the Base and Auth modes, the secrecy properties are only expected to hold if the recipient private key <tt>skR</tt> is not compromised at any point in time. In the PSK and AuthPSK modes, the secrecy properties are expected to hold if the recipient private key <tt>skR</tt> and the pre-shared key are not both compromised at any point in time. 
See <xref target="non-goals" format="default"/> for more details.</t> <t>In the Auth mode, sender authentication is generally expected to hold if the sender private key <tt>skS</tt> is not compromised at the time of message reception. In the AuthPSK mode, sender authentication is generally expected to hold if, at the time of message reception, the sender private key <tt>skS</tt> and the pre-shared key are not both compromised.</t> <t>Besides forward secrecy and key-compromise impersonation, which are highlighted in this section because of their particular cryptographic importance, HPKE has other non-goals that are described in <xref target="non-goals" format="default"/>: no tolerance of message reordering or loss, no downgrade or replay prevention, no hiding of the plaintext length, and no protection against bad ephemeral randomness. <xref target="non-goals" format="default"/> suggests application-level mitigations for some of them.</t> <section anchor="kci" numbered="true" toc="default"> <name>Key-Compromise Impersonation</name> <t>The DHKEM variants defined in this document are vulnerable to key-compromise impersonation attacks <xref target="BJM97" format="default"/>, which means that sender authentication cannot be expected to hold in the Auth mode if the recipient private key <tt>skR</tt> is compromised, and in the AuthPSK mode if the pre-shared key and the recipient private key <tt>skR</tt> are both compromised. NaCl's <tt>box</tt> interface <xref target="NaCl" format="default"/> has the same issue. At the same time, this enables repudiability.</t> <t>As shown by <xref target="ABHKLR20" format="default"/>, key-compromise impersonation attacks are generally possible on HPKE because KEM ciphertexts are not bound to HPKE messages. An adversary who knows a recipient's private key can decapsulate an observed KEM ciphertext, compute the key schedule, and encrypt an arbitrary message that the recipient will accept as coming from the original sender. 
Importantly, this is possible even with a KEM that is resistant to key-compromise impersonation attacks. As a result, mitigating this issue requires fundamental changes that are out of scope of this specification.</t> <t>Applications that require resistance against key-compromise impersonation <bcp14>SHOULD</bcp14> take extra steps to prevent this attack. One possibility is to produce a digital signature over <tt>(enc, ct)</tt> tuples using a sender's private key -- where <tt>ct</tt> is an AEAD ciphertext produced by the single-shot or multi-shot API and <tt>enc</tt> is the corresponding KEM encapsulated key.</t> <t>Given these properties, pre-shared keys strengthen both the authentication and the secrecy properties in certain adversary models. One particular example in which this can be useful is a hybrid quantum setting: if a non-quantum-resistant KEM used with HPKE is broken by a quantum computer, the security properties are preserved through the use of a pre-shared key. As described in <xref target="RFC8696" sectionFormat="of" section="7"/>, this assumes that the pre-shared key has not been compromised.</t> </section> <section anchor="computational-analysis" numbered="true" toc="default"> <name>Computational Analysis</name> <t>It is shown in <xref target="CS01" format="default"/> that a hybrid public key encryption scheme of essentially the same form as the Base mode described here is IND-CCA2-secure as long as the underlying KEM and AEAD schemes are IND-CCA2-secure. Moreover, it is shown in <xref target="HHK06" format="default"/> that IND-CCA2 security of the KEM and the data encapsulation mechanism are necessary conditions to achieve IND-CCA2 security for hybrid public key encryption. The main difference between the scheme proposed in <xref target="CS01" format="default"/> and the Base mode in this document (both named HPKE) is that we interpose some KDF calls between the KEM and the AEAD. 
Analyzing the HPKE Base mode instantiation in this document therefore requires verifying that the additional KDF calls do not cause the IND-CCA2 property to fail, as well as verifying the additional export key secrecy property.</t> <t>Analysis of the PSK, Auth, and AuthPSK modes defined in this document additionally requires verifying the sender authentication property. While the PSK mode just adds supplementary keying material to the key schedule, the Auth and AuthPSK modes make use of a non-standard authenticated KEM construction. Generally, the authenticated modes of HPKE can be viewed and analyzed as flavors of signcryption <xref target="SigncryptionDZ10" format="default"/>.</t> <t>A preliminary computational analysis of all HPKE modes has been done in <xref target="HPKEAnalysis" format="default"/>, indicating asymptotic security for the case where the KEM is DHKEM, the AEAD is any IND-CPA-secure and INT-CTXT-secure scheme, and the DH group and KDF satisfy the following conditions:</t> <ul spacing="normal"> <li>DH group: The gap Diffie-Hellman (GDH) problem is hard in the appropriate subgroup <xref target="GAP" format="default"/>.</li> <li><tt>Extract()</tt> and <tt>Expand()</tt>: <tt>Extract()</tt> can be modeled as a random oracle. <tt>Expand()</tt> can be modeled as a pseudorandom function, wherein the first argument is the key.</li> </ul> <t>In particular, the KDFs and DH groups defined in this document (see Sections <xref target="kdf-ids" format="counter"/> and <xref target="kem-ids" format="counter"/>) satisfy these properties when used as specified. The analysis in <xref target="HPKEAnalysis" format="default"/> demonstrates that under these constraints, HPKE continues to provide IND-CCA2 security, and provides the additional properties noted above. Also, the analysis confirms the expected properties hold under the different key compromise cases mentioned above. 
The analysis considers a sender that sends one message using the encryption context, and additionally exports two independent secrets using the secret export interface.</t> <t>The table below summarizes the main results from <xref target="HPKEAnalysis" format="default"/>. N/A means that a property does not apply for the given mode, whereas <tt>Y</tt> means the given mode satisfies the property.</t> <table align="center"> <name>HPKE Mode Security Properties</name> <thead> <tr> <th align="left">Variant</th> <th align="center">Message Sec.</th> <th align="center">Export Sec.</th> <th align="center">Sender Auth.</th> </tr> </thead> <tbody> <tr> <td align="left">Base</td> <td align="center">Y</td> <td align="center">Y</td> <td align="center">N/A</td> </tr> <tr> <td align="left">PSK</td> <td align="center">Y</td> <td align="center">Y</td> <td align="center">Y</td> </tr> <tr> <td align="left">Auth</td> <td align="center">Y</td> <td align="center">Y</td> <td align="center">Y</td> </tr> <tr> <td align="left">AuthPSK</td> <td align="center">Y</td> <td align="center">Y</td> <td align="center">Y</td> </tr> </tbody> </table> <t>If non-DH-based KEMs are to be used with HPKE, further analysis will be necessary to prove their security. The results from <xref target="CS01" format="default"/> provide some indication that any IND-CCA2-secure KEM will suffice here, but are not conclusive given the differences in the schemes.</t> <t>A detailed computational analysis of HPKE's Auth mode single-shot encryption API has been done in <xref target="ABHKLR20" format="default"/>. 
The paper defines security notions for authenticated KEMs and for authenticated public key encryption, using the outsider and insider security terminology known from signcryption <xref target="SigncryptionDZ10" format="default"/>. The analysis proves that DHKEM's <tt>AuthEncap()</tt>/<tt>AuthDecap()</tt> interface fulfills these notions for all Diffie-Hellman groups specified in this document. The analysis also provides exact security bounds, under the assumptions that the gap Diffie-Hellman (GDH) problem is hard in the appropriate subgroup <xref target="GAP" format="default"/>, and that HKDF can be modeled as a random oracle.</t> <t>Further, <xref target="ABHKLR20" format="default"/> proves composition theorems, showing that HPKE's Auth mode fulfills the security notions of authenticated public key encryption for all KDFs and AEAD schemes specified in this document, given any authenticated KEM satisfying the previously defined security notions for authenticated KEMs. The theorems assume that the KEM is perfectly correct; they could easily be adapted to work with KEMs that have a nonzero but negligible probability for decryption failure. The assumptions on the KDF are that <tt>Extract()</tt> and <tt>Expand()</tt> can be modeled as pseudorandom functions wherein the first argument is the key, respectively. 
The assumption for the AEAD is IND-CPA and IND-CTXT security.</t> <t>In summary, the analysis in <xref target="ABHKLR20" format="default"/> proves that the single-shot encryption API of HPKE's Auth mode satisfies the desired message confidentiality and sender authentication properties listed at the beginning of this section; it does not consider multiple messages, nor the secret export API.</t> </section> <section anchor="post-quantum-security" numbered="true" toc="default"> <name>Post-Quantum Security</name> <t>All of <xref target="CS01" format="default"/>, <xref target="HPKEAnalysis" format="default"/>, and <xref target="ABHKLR20" format="default"/> are premised on classical security models and assumptions, and do not consider adversaries capable of quantum computation. A full proof of post-quantum security would need to take appropriate security models and assumptions into account, in addition to simply using a post-quantum KEM. However, the composition theorems from <xref target="ABHKLR20" format="default"/> for HPKE's Auth mode only make standard assumptions (i.e., no random oracle assumption) that are expected to hold against quantum adversaries (although with slightly worse bounds). Thus, these composition theorems, in combination with a post-quantum-secure authenticated KEM, guarantee the post-quantum security of HPKE's Auth mode.</t> <t>In future work, the analysis from <xref target="ABHKLR20" format="default"/> can be extended to cover HPKE's other modes and desired security properties. 
The hybrid quantum-resistance property described above, which is achieved by using the PSK or AuthPSK mode, is not proven in <xref target="HPKEAnalysis" format="default"/> because this analysis requires the random oracle model; in a quantum setting, this model needs adaption to, for example, the quantum random oracle model.</t> </section> </section> <section anchor="kem-security" numbered="true" toc="default"> <name>Security Requirements on a KEM Used within HPKE</name> <t>A KEM used within HPKE <bcp14>MUST</bcp14> allow HPKE to satisfy its desired security properties described in <xref target="sec-properties" format="default"/>. <xref target="domain-separation" format="default"/> lists requirements concerning domain separation.</t> <t>In particular, the KEM shared secret <bcp14>MUST</bcp14> be a uniformly random byte string of length <tt>Nsecret</tt>. This means, for instance, that it would not be sufficient if the KEM shared secret is only uniformly random as an element of some set prior to its encoding as a byte string.</t> <section anchor="encapdecap-interface" numbered="true" toc="default"> <name>Encap/Decap Interface</name> <t>As mentioned in <xref target="sec-considerations" format="default"/>, <xref target="CS01" format="default"/> provides some indications that if the KEM's <tt>Encap()</tt>/<tt>Decap()</tt> interface (which is used in the Base and PSK modes) is IND-CCA2-secure, HPKE is able to satisfy its desired security properties. 
An appropriate definition of IND-CCA2 security for KEMs can be found in <xref target="CS01" format="default"/> and <xref target="BHK09" format="default"/>.</t> </section> <section anchor="authencapauthdecap-interface" numbered="true" toc="default"> <name>AuthEncap/AuthDecap Interface</name> <t>The analysis of HPKE's Auth mode single-shot encryption API in <xref target="ABHKLR20" format="default"/> provides composition theorems that guarantee that HPKE's Auth mode achieves its desired security properties if the KEM's <tt>AuthEncap()</tt>/<tt>AuthDecap()</tt> interface satisfies multi-user Outsider-CCA, Outsider-Auth, and Insider-CCA security, as defined in the same paper.</t> <t>Intuitively, Outsider-CCA security formalizes confidentiality, and Outsider-Auth security formalizes authentication of the KEM shared secret in case none of the sender or recipient private keys are compromised. Insider-CCA security formalizes confidentiality of the KEM shared secret in case the sender private key is known or chosen by the adversary. (If the recipient private key is known or chosen by the adversary, confidentiality is trivially broken, because then the adversary knows all secrets on the recipient's side).</t> <t>An Insider-Auth security notion would formalize authentication of the KEM shared secret in case the recipient private key is known or chosen by the adversary. (If the sender private key is known or chosen by the adversary, it can create KEM ciphertexts in the name of the sender). 
Because of the generic attack on an analogous Insider-Auth security notion of HPKE described in <xref target="sec-properties" format="default"/>, a definition of Insider-Auth security for KEMs used within HPKE is not useful.</t> </section> <section anchor="kem-key-reuse" numbered="true" toc="default"> <name>KEM Key Reuse</name> <t>An <tt>ikm</tt> input to <tt>DeriveKeyPair()</tt> (<xref target="derive-key-pair" format="default"/>) <bcp14>MUST NOT</bcp14> be reused elsewhere, in particular not with <tt>DeriveKeyPair()</tt> of a different KEM.</t> <t>The randomness used in <tt>Encap()</tt> and <tt>AuthEncap()</tt> to generate the KEM shared secret or its encapsulation <bcp14>MUST NOT</bcp14> be reused elsewhere.</t> <t>Since a KEM key pair belonging to a sender or recipient works with all modes, it can be used with multiple modes in parallel. HPKE is constructed to be secure in such settings due to domain separation using the <tt>suite_id</tt> variable. However, there is no formal proof of security at the time of writing for using multiple modes in parallel; <xref target="HPKEAnalysis" format="default"/> and <xref target="ABHKLR20" format="default"/> only analyze isolated modes.</t> </section> </section> <section anchor="kdf-choice" numbered="true" toc="default"> <name>Security Requirements on a KDF</name> <t>The choice of the KDF for HPKE <bcp14>SHOULD</bcp14> be made based on the security level provided by the KEM and, if applicable, by the PSK. 
The KDF <bcp14>SHOULD</bcp14> at least have the security level of the KEM and <bcp14>SHOULD</bcp14> at least have the security level provided by the PSK.</t> </section> <section anchor="aead-security" numbered="true" toc="default"> <name>Security Requirements on an AEAD</name> <t>All AEADs <bcp14>MUST</bcp14> be IND-CCA2-secure, as is currently true for all AEADs listed in <xref target="aead-ids" format="default"/>.</t> </section> <section anchor="security-psk" numbered="true" toc="default"> <name>Pre-Shared Key Recommendations</name> <t>In the PSK and AuthPSK modes, the PSK <bcp14>MUST</bcp14> have at least 32 bytes of entropy and <bcp14>SHOULD</bcp14> be of length <tt>Nh</tt> bytes or longer. Using a PSK longer than 32 bytes but shorter than <tt>Nh</tt> bytes is permitted.</t> <t>HPKE is specified to use HKDF as its key derivation function. HKDF is not designed to slow down dictionary attacks (see <xref target="RFC5869" format="default"/>). Thus, HPKE's PSK mechanism is not suitable for use with a low-entropy password as the PSK: In scenarios in which the adversary knows the KEM shared secret <tt>shared_secret</tt> and has access to an oracle that distinguishes between a good and a wrong PSK, it can perform PSK-recovering attacks. This oracle can be the decryption operation on a captured HPKE ciphertext or any other recipient behavior that is observably different when using a wrong PSK. The adversary knows the KEM shared secret <tt>shared_secret</tt> if it knows all KEM private keys of one participant. In the PSK mode, this is trivially the case if the adversary acts as the sender.</t> <t>To recover a lower entropy PSK, an attacker in this scenario can trivially perform a dictionary attack. 
Given a set <tt>S</tt> of possible PSK values, the attacker generates an HPKE ciphertext for each value in <tt>S</tt>, and submits the resulting ciphertexts to the oracle to learn which PSK is being used by the recipient. Further, because HPKE uses AEAD schemes that are not key-committing, an attacker can mount a partitioning oracle attack <xref target="LGR20" format="default"/> that can recover the PSK from a set of <tt>S</tt> possible PSK values, with |S| = m*k, in roughly m + log k queries to the oracle using ciphertexts of length proportional to k, the maximum message length in blocks. (Applying the multi-collision algorithm from <xref target="LGR20" format="default"/> requires a small adaptation to the algorithm wherein the appropriate nonce is computed for each candidate key. This modification adds one call to HKDF per key. The number of partitioning oracle queries remains unchanged.) As a result, the PSK must therefore be chosen with sufficient entropy so that m + log k is prohibitive for attackers (e.g., 2^128). Future specifications can define new AEAD algorithms that are key-committing.</t> </section> <section anchor="domain-separation" numbered="true" toc="default"> <name>Domain Separation</name> <t>HPKE allows combining a DHKEM variant <tt>DHKEM(Group, KDF')</tt> and a KDF such that both KDFs are instantiated by the same KDF. By design, the calls to <tt>Extract()</tt> and <tt>Expand()</tt> inside DHKEM and the remainder of HPKE use separate input domains. This justifies modeling them as independent functions even if instantiated by the same KDF. This domain separation between DHKEM and the remainder of HPKE is achieved by using prefix-free sets of <tt>suite_id</tt> values in <tt>LabeledExtract()</tt> and <tt>LabeledExpand()</tt> (<tt>KEM...</tt> in DHKEM and <tt>HPKE...</tt> in the remainder of HPKE). 
Recall that a set is prefix-free if no element is a prefix of another within the set.</t> <t>Future KEM instantiations <bcp14>MUST</bcp14> ensure, should <tt>Extract()</tt> and <tt>Expand()</tt> be used internally, that they can be modeled as functions independent from the invocations of <tt>Extract()</tt> and <tt>Expand()</tt> in the remainder of HPKE. One way to ensure this is by using <tt>LabeledExtract()</tt> and <tt>LabeledExpand()</tt> with a <tt>suite_id</tt> as defined in <xref target="base-crypto" format="default"/>, which will ensure input domain separation, as outlined above. Particular attention needs to be paid if the KEM directly invokes functions that are used internally in HPKE's <tt>Extract()</tt> or <tt>Expand()</tt>, such as <tt>Hash()</tt> and <tt>HMAC()</tt> in the case of HKDF. It <bcp14>MUST</bcp14> be ensured that inputs to these invocations cannot collide with inputs to the internal invocations of these functions inside <tt>Extract()</tt> or <tt>Expand()</tt>. In HPKE's <tt>KeySchedule()</tt> this is avoided by using <tt>Extract()</tt> instead of <tt>Hash()</tt> on the arbitrary-length inputs <tt>info</tt> and <tt>psk_id</tt>.</t> <t>The string literal "HPKE-v1" used in <tt>LabeledExtract()</tt> and <tt>LabeledExpand()</tt> ensures that any secrets derived in HPKE are bound to the scheme's name and version, even when possibly derived from the same Diffie-Hellman or KEM shared secret as in another scheme or version.</t> </section> <section anchor="non-goals" numbered="true" toc="default"> <name>Application Embedding and Non-Goals</name> <t>HPKE is designed to be a fairly low-level mechanism. As a result, it assumes that certain properties are provided by the application in which HPKE is embedded and leaves certain security properties to be provided by other mechanisms. 
Otherwise said, certain properties are out of scope for HPKE.</t> <section anchor="message-order-and-message-loss" numbered="true" toc="default"> <name>Message Order and Message Loss</name> <t>The primary requirement that HPKE imposes on applications is the requirement that ciphertexts <bcp14>MUST</bcp14> be presented to <tt>ContextR.Open()</tt> in the same order in which they were generated by <tt>ContextS.Seal()</tt>. When the single-shot API is used (see <xref target="single-shot-apis" format="default"/>), this is trivially true (since there is only ever one ciphertext). Applications that allow for multiple invocations of <tt>Open()</tt> / <tt>Seal()</tt> on the same context <bcp14>MUST</bcp14> enforce the ordering property described above.</t> <t>Ordering requirements of this character are usually fulfilled by providing a sequence number in the framing of encrypted messages. Whatever information is used to determine the ordering of HPKE-encrypted messages <bcp14>SHOULD</bcp14> be included in the associated data passed to <tt>ContextS.Seal()</tt> and <tt>ContextR.Open()</tt>. The specifics of this scheme are up to the application.</t> <t>HPKE is not tolerant of lost messages. Applications <bcp14>MUST</bcp14> be able to detect when a message has been lost. When an unrecoverable loss is detected, the application <bcp14>MUST</bcp14> discard any associated HPKE context.</t> </section> <section anchor="downgrade-prevention" numbered="true" toc="default"> <name>Downgrade Prevention</name> <t>HPKE assumes that the sender and recipient agree on what algorithms to use. 
Depending on how these algorithms are negotiated, it may be possible for an intermediary to force the two parties to use suboptimal algorithms.</t> </section> <section anchor="replay-protection" numbered="true" toc="default"> <name>Replay Protection</name> <t>The requirement that ciphertexts be presented to the <tt>ContextR.Open()</tt> function in the same order they were generated by <tt>ContextS.Seal()</tt> provides a degree of replay protection within a stream of ciphertexts resulting from a given context. HPKE provides no other replay protection.</t> </section> <section anchor="forward-secrecy" numbered="true" toc="default"> <name>Forward Secrecy</name> <t>HPKE ciphertexts are not forward secret with respect to recipient compromise in any mode. This means that compromise of long-term recipient secrets allows an attacker to decrypt past ciphertexts encrypted under said secrets. This is because only long-term secrets are used on the side of the recipient.</t> <t>HPKE ciphertexts are forward secret with respect to sender compromise in all modes. This is because ephemeral randomness is used on the sender's side, which is supposed to be erased directly after computation of the KEM shared secret and ciphertext.</t> </section> <section anchor="bad-ephemeral-randomness" numbered="true" toc="default"> <name>Bad Ephemeral Randomness</name> <t>If the randomness used for KEM encapsulation is bad -- i.e., of low entropy or compromised because of a broken or subverted random number generator -- the confidentiality guarantees of HPKE degrade significantly. In Base mode, confidentiality guarantees can be lost completely; in the other modes, at least forward secrecy with respect to sender compromise can be lost completely.</t> <t>Such a situation could also lead to the reuse of the same KEM shared secret and thus to the reuse of the same key-nonce pairs for the AEAD. The AEADs specified in this document are not secure in case of nonce reuse. 
This attack vector is particularly relevant in authenticated modes because knowledge of the ephemeral randomness is not enough to derive <tt>shared_secret</tt> in these modes.</t> <t>One way for applications to mitigate the impacts of bad ephemeral randomness is to combine ephemeral randomness with a local long-term secret that has been generated securely, as described in <xref target="RFC8937" format="default"/>.</t> </section> <section anchor="hiding-plaintext-length" numbered="true" toc="default"> <name>Hiding Plaintext Length</name> <t>AEAD ciphertexts produced by HPKE do not hide the plaintext length. Applications requiring this level of privacy should use a suitable padding mechanism. See <xref target="I-D.ietf-tls-esni" format="default"/> and <xref target="RFC8467" format="default"/> for examples of protocol-specific padding policies.</t> </section> </section> <section anchor="bidirectional" numbered="true" toc="default"> <name>Bidirectional Encryption</name> <t>As discussed in <xref target="hpke-dem" format="default"/>, HPKE encryption is unidirectional from sender to recipient. Applications that require bidirectional encryption can derive necessary keying material with the secret export interface (<xref target="hpke-export" format="default"/>). 
The type and length of such keying material depends on the application use case.</t> <t>As an example, if an application needs AEAD encryption from the recipient to the sender, it can derive a key and nonce from the corresponding HPKE context as follows:</t> <sourcecode name="" type="pseudocode"><![CDATA[
key = context.Export("response key", Nk)
nonce = context.Export("response nonce", Nn)
]]></sourcecode> <t>In this example, the length of each secret is based on the AEAD algorithm used for the corresponding HPKE context.</t> <t>Note that HPKE's limitations with regard to sender authentication become limits on recipient authentication in this context. In particular, in the Base mode, there is no authentication of the remote party at all. Even in the Auth mode, where the remote party has proven that they hold a specific private key, this authentication is still subject to key-compromise impersonation, as discussed in <xref target="kci" format="default"/>.</t> </section> <section anchor="metadata-protection" numbered="true" toc="default"> <name>Metadata Protection</name> <t>The authenticated modes of HPKE (PSK, Auth, and AuthPSK) require that the recipient know what key material to use for the sender. This can be signaled in applications by sending the PSK ID (<tt>psk_id</tt> above) and/or the sender's public key (<tt>pkS</tt>). However, these values themselves might be considered sensitive, since, in a given application context, they might identify the sender.</t> <t>An application that wishes to protect these metadata values without requiring further provisioning of keys can use an additional instance of HPKE, using the unauthenticated Base mode. 
Where the application might have sent <tt>(psk_id, pkS, enc, ciphertext)</tt> before, it would now send <tt>(enc2, ciphertext2, enc, ciphertext)</tt>, where <tt>(enc2, ciphertext2)</tt> represent the encryption of the <tt>psk_id</tt> and <tt>pkS</tt> values.</t> <t>The cost of this approach is an additional KEM operation each for the sender and the recipient. A potential lower-cost approach (involving only symmetric operations) would be available if the nonce-protection schemes in <xref target="BNT19" format="default"/> could be extended to cover other metadata. However, this construction would require further analysis.</t> </section> </section> <section anchor="message-encoding" numbered="true" toc="default"> <name>Message Encoding</name> <t>This document does not specify a wire format encoding for HPKE messages. Applications that adopt HPKE must therefore specify an unambiguous encoding mechanism that includes, minimally: the encapsulated value <tt>enc</tt>, ciphertext value(s) (and order if there are multiple), and any info values that are not implicit. One example of a non-implicit value is the recipient public key used for encapsulation, which may be needed if a recipient has more than one public key.</t> <t>The AEAD interface used in this document is based on <xref target="RFC5116" format="default"/>, which produces and consumes a single ciphertext value. As discussed in <xref target="RFC5116" format="default"/>, this ciphertext value contains the encrypted plaintext as well as any authentication data, encoded in a manner described by the individual AEAD scheme. Some implementations are not structured in this way, instead providing a separate ciphertext and authentication tag. 
When such AEAD implementations are used in HPKE implementations, the HPKE implementation must combine these inputs into a single ciphertext value within <tt>Seal()</tt> and parse them out within <tt>Open()</tt>, where the parsing details are defined by the AEAD scheme. For example, with the AES-GCM schemes specified in this document, the GCM authentication tag is placed in the last Nt bytes of the ciphertext output.</t>
</section>
<section anchor="iana" numbered="true" toc="default">
<name>IANA Considerations</name>
<t>IANA has created three new registries:</t>
<ul spacing="normal"> <li>HPKE KEM Identifiers</li> <li>HPKE KDF Identifiers</li> <li>HPKE AEAD Identifiers</li> </ul>
<t>All these registries are under "Hybrid Public Key Encryption", and administered under a Specification Required policy <xref target="RFC8126" format="default"/>.</t>
<section anchor="kem-template" numbered="true" toc="default">
<name>KEM Identifiers</name>
<t>The "HPKE KEM Identifiers" registry lists identifiers for key encapsulation algorithms defined for use with HPKE.
These identifiers are two-byte values, so the maximum possible value is 0xFFFF = 65535.</t>
<dl newline="true" spacing="normal">
<dt>Template:</dt>
<dd>
<dl newline="false" spacing="normal">
<dt>Value:</dt> <dd>The two-byte identifier for the algorithm</dd>
<dt>KEM:</dt> <dd>The name of the algorithm</dd>
<dt>Nsecret:</dt> <dd>The length in bytes of a KEM shared secret produced by the algorithm</dd>
<dt>Nenc:</dt> <dd>The length in bytes of an encoded encapsulated key produced by the algorithm</dd>
<dt>Npk:</dt> <dd>The length in bytes of an encoded public key for the algorithm</dd>
<dt>Nsk:</dt> <dd>The length in bytes of an encoded private key for the algorithm</dd>
<dt>Auth:</dt> <dd>A boolean indicating if this algorithm provides the <tt>AuthEncap()</tt>/<tt>AuthDecap()</tt> interface</dd>
<dt>Reference:</dt> <dd>Where this algorithm is defined</dd>
</dl>
</dd>
</dl>
<dl newline="false" spacing="normal">
<dt>Initial contents:</dt> <dd>Provided in <xref target="kemid-values" format="default"/></dd>
</dl>
</section>
<section anchor="kdf-identifiers" numbered="true" toc="default">
<name>KDF Identifiers</name>
<t>The "HPKE KDF Identifiers" registry lists identifiers for key derivation functions defined for use with HPKE.
These identifiers are two-byte values, so the maximum possible value is 0xFFFF = 65535.</t>
<dl newline="true" spacing="normal">
<dt>Template:</dt>
<dd>
<dl newline="false" spacing="normal">
<dt>Value:</dt> <dd>The two-byte identifier for the algorithm</dd>
<dt>KDF:</dt> <dd>The name of the algorithm</dd>
<dt>Nh:</dt> <dd>The output size of the Extract function in bytes</dd>
<dt>Reference:</dt> <dd>Where this algorithm is defined</dd>
</dl>
</dd>
</dl>
<dl newline="false" spacing="normal">
<dt>Initial contents:</dt> <dd>Provided in <xref target="kdfid-values" format="default"/></dd>
</dl>
</section>
<section anchor="aead-identifiers" numbered="true" toc="default">
<name>AEAD Identifiers</name>
<t>The "HPKE AEAD Identifiers" registry lists identifiers for authenticated encryption with associated data (AEAD) algorithms defined for use with HPKE.
These identifiers are two-byte values, so the maximum possible value is 0xFFFF = 65535.</t>
<dl newline="true" spacing="normal">
<dt>Template:</dt>
<dd>
<dl newline="false" spacing="normal">
<dt>Value:</dt> <dd>The two-byte identifier for the algorithm</dd>
<dt>AEAD:</dt> <dd>The name of the algorithm</dd>
<dt>Nk:</dt> <dd>The length in bytes of a key for this algorithm</dd>
<dt>Nn:</dt> <dd>The length in bytes of a nonce for this algorithm</dd>
<dt>Nt:</dt> <dd>The length in bytes of an authentication tag for this algorithm</dd>
<dt>Reference:</dt> <dd>Where this algorithm is defined</dd>
</dl>
</dd>
</dl>
<dl newline="false" spacing="normal">
<dt>Initial contents:</dt> <dd>Provided in <xref target="aeadid-values" format="default"/></dd>
</dl>
</section>
</section>
<section anchor="acknowledgements" numbered="true" toc="default">
<name>Acknowledgements</name>
<t>The authors would like to thank Joel Alwen, Jean-Philippe Aumasson, David Benjamin, Benjamin Beurdouche, Bruno Blanchet, Frank Denis, Stephen Farrell, Scott Fluhrer, Eduard Hauck, Scott Hollenbeck, Kevin Jacobs, Burt Kaliski, Eike Kiltz, Julia Len, John Mattsson, Christopher Patton, Doreen Riepel, Raphael Robert, Michael Rosenberg, Michael Scott, Martin Thomson, Steven Valdez, Riad Wahby, and other contributors in the CFRG for helpful feedback that greatly improved this document.</t>
</section>
</middle>
<back>
<displayreference target="I-D.ietf-mls-protocol" to="MLS-PROTOCOL"/>
<displayreference target="I-D.ietf-tls-esni" to="TLS-ECH"/>
<references>
<name>References</name>
<references>
<name>Normative References</name>
<reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119"> <front> <title>Key words for use in RFCs to Indicate Requirement Levels</title>
<seriesInfo name="DOI" value="10.17487/RFC2119"/> <seriesInfo name="RFC" value="2119"/> <seriesInfo name="BCP" value="14"/> <author fullname="S. Bradner" initials="S." surname="Bradner"> <organization/> </author> <date month="March" year="1997"/> <abstract> <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> </reference> <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174"> <front> <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title> <seriesInfo name="DOI" value="10.17487/RFC8174"/> <seriesInfo name="RFC" value="8174"/> <seriesInfo name="BCP" value="14"/> <author fullname="B. Leiba" initials="B." surname="Leiba"> <organization/> </author> <date month="May" year="2017"/> <abstract> <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t> </abstract> </front> </reference> <reference anchor="RFC8017" target="https://www.rfc-editor.org/info/rfc8017"> <front> <title>PKCS #1: RSA Cryptography Specifications Version 2.2</title> <seriesInfo name="DOI" value="10.17487/RFC8017"/> <seriesInfo name="RFC" value="8017"/> <author fullname="K. Moriarty" initials="K." role="editor" surname="Moriarty"> <organization/> </author> <author fullname="B. Kaliski" initials="B." surname="Kaliski"> <organization/> </author> <author fullname="J. Jonsson" initials="J." surname="Jonsson"> <organization/> </author> <author fullname="A. Rusch" initials="A." 
surname="Rusch"> <organization/> </author> <date month="November" year="2016"/> <abstract> <t>This document provides recommendations for the implementation of public-key cryptography based on the RSA algorithm, covering cryptographic primitives, encryption schemes, signature schemes with appendix, and ASN.1 syntax for representing keys and for identifying the schemes.</t> <t>This document represents a republication of PKCS #1 v2.2 from RSA Laboratories' Public-Key Cryptography Standards (PKCS) series. By publishing this RFC, change control is transferred to the IETF.</t> <t>This document also obsoletes RFC 3447.</t> </abstract> </front> </reference> <reference anchor="RFC5116" target="https://www.rfc-editor.org/info/rfc5116"> <front> <title>An Interface and Algorithms for Authenticated Encryption</title> <seriesInfo name="DOI" value="10.17487/RFC5116"/> <seriesInfo name="RFC" value="5116"/> <author fullname="D. McGrew" initials="D." surname="McGrew"> <organization/> </author> <date month="January" year="2008"/> <abstract> <t>This document defines algorithms for Authenticated Encryption with Associated Data (AEAD), and defines a uniform interface and a registry for such algorithms. The interface and registry can be used as an application-independent set of cryptoalgorithm suites. This approach provides advantages in efficiency and security, and promotes the reuse of crypto implementations. [STANDARDS-TRACK]</t> </abstract> </front> </reference> <reference anchor="RFC8126" target="https://www.rfc-editor.org/info/rfc8126"> <front> <title>Guidelines for Writing an IANA Considerations Section in RFCs</title> <seriesInfo name="DOI" value="10.17487/RFC8126"/> <seriesInfo name="RFC" value="8126"/> <seriesInfo name="BCP" value="26"/> <author fullname="M. Cotton" initials="M." surname="Cotton"> <organization/> </author> <author fullname="B. Leiba" initials="B." surname="Leiba"> <organization/> </author> <author fullname="T. Narten" initials="T." 
surname="Narten"> <organization/> </author> <date month="June" year="2017"/> <abstract> <t>Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA).</t> <t>To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry.</t> <t>This is the third edition of this document; it obsoletes RFC 5226.</t> </abstract> </front> </reference><xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8017.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5116.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8126.xml"/> </references> <references> <name>Informative References</name> <reference anchor="CS01" target="https://eprint.iacr.org/2001/108"> <front> <title>Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack</title> <author initials="R." surname="Cramer" fullname="Ronald Cramer"> <organization/> </author> <author initials="V." 
surname="Shoup" fullname="Victor Shoup"> <organization/> </author> <date year="2001" month="December"/> </front> </reference>
<reference anchor="HHK06" target="https://eprint.iacr.org/2006/265"> <front> <title>Some (in)sufficient conditions for secure hybrid encryption.</title> <author initials="J." surname="Herranz" fullname="Javier Herranz"> <organization/> </author> <author initials="D." surname="Hofheinz" fullname="Dennis Hofheinz"> <organization/> </author> <author initials="E." surname="Kiltz" fullname="Eike Kiltz"> <organization/> </author> <date year="2006" month="August"/> </front> </reference>
<reference anchor="GAP" target="https://link.springer.com/content/pdf/10.1007/3-540-44586-2_8.pdf"> <front> <title>The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes</title> <author initials="T." surname="Okamoto" fullname="Tatsuaki Okamoto"> <organization/> </author> <author initials="D."
surname="Pointcheval" fullname="David Pointcheval"> <organization/> </author> <date year="2001" month="June"/> </front> <seriesInfo name="ISBN" value="978-3-540-44586-9"/> </reference>
<reference anchor="ANSI"> <front> <title>ANSI - X9.63 Public Key Cryptography for the Financial Services Industry--Key Agreement and Key Transport Using Elliptic Curve Cryptography</title> <author> <organization>American National Standards Institute (ANSI)</organization> </author> <date year="2001" month="November"/> </front> </reference>
<reference anchor="IEEE1363"> <front> <title>IEEE Standard Specifications for Public-Key Cryptography - Amendment 1: Additional Techniques</title> <author> <organization>IEEE</organization> </author> <date year="2004"/> </front> <seriesInfo name="IEEE Std" value="1363a-2004"/> </reference>
<reference anchor="ISO"> <front> <title>Information technology - Security techniques - Encryption algorithms - Part 2: Asymmetric ciphers</title> <author> <organization>International Organization for Standardization</organization> </author> <date year="2006" month="May"/> </front> <seriesInfo name="ISO/IEC" value="18033-2:2006"/> </reference>
<reference anchor="SECG" target="https://secg.org/sec1-v2.pdf"> <front> <title>SEC 1: Elliptic Curve Cryptography</title> <author> <organization>Standards for Efficient Cryptography Group</organization> </author> <date year="2009" month="May"/> </front> <refcontent>Version 2</refcontent> </reference>
<reference anchor="BHK09" target="https://eprint.iacr.org/2009/418"> <front> <title>Subtleties in the Definition of IND-CCA: When and How Should Challenge-Decryption be Disallowed?</title> <author initials="M." surname="Bellare" fullname="Mihir Bellare"> <organization>University of California San Diego</organization> </author> <author initials="D." surname="Hofheinz" fullname="Dennis Hofheinz"> <organization>CWI Amsterdam</organization> </author> <author initials="E." surname="Kiltz" fullname="Eike Kiltz"> <organization>CWI Amsterdam</organization> </author> <date year="2009" month="August"/> </front> </reference>
<reference anchor="SigncryptionDZ10"> <front> <title>Practical Signcryption</title> <author initials="A." surname="Dent" fullname="Alexander W. Dent"></author> <author initials="Y." surname="Zheng" fullname="Yuliang Zheng"></author> <date year="2010" month="November"/> </front> <seriesInfo name="DOI" value="10.1007/978-3-540-89411-7"/> <refcontent>Information Security and Cryptography</refcontent> </reference>
<reference anchor="HPKEAnalysis" target="https://eprint.iacr.org/2020/243"> <front> <title>An Analysis of Hybrid Public Key Encryption</title> <author initials="B." surname="Lipp" fullname="Benjamin Lipp"> <organization>Inria Paris</organization> </author> <date year="2020" month="February"/> </front> </reference>
<reference anchor="ABHKLR20" target="https://eprint.iacr.org/2020/1499"> <front> <title>Analysing the HPKE Standard</title> <author initials="J." surname="Alwen" fullname="Joël Alwen"> <organization>Wickr</organization> </author> <author initials="B."
surname="Blanchet" fullname="Bruno Blanchet"> <organization>Inria Paris</organization> </author> <author initials="E." surname="Hauck" fullname="Eduard Hauck"> <organization>Ruhr-Universität Bochum</organization> </author> <author initials="E." surname="Kiltz" fullname="Eike Kiltz"> <organization>Ruhr-Universität Bochum</organization> </author> <author initials="B." surname="Lipp" fullname="Benjamin Lipp"> <organization>Inria Paris</organization> </author> <author initials="D." surname="Riepel" fullname="Doreen Riepel"> <organization>Ruhr-Universität Bochum</organization> </author> <date year="2020" month="November"/> </front> </reference>
<reference anchor="MAEA10" target="https://ieeexplore.ieee.org/abstract/document/5604194/"> <front> <title>A comparison of the standardized versions of ECIES</title> <author initials="V." surname="Gayoso Martinez" fullname="V. Gayoso Martinez"> <organization>Applied Physics Institute, CSIC, Madrid, Spain</organization> </author> <author initials="F." surname="Hernandez Alvarez" fullname="F. Hernandez Alvarez"> <organization>Applied Physics Institute, CSIC, Madrid, Spain</organization> </author> <author initials="L." surname="Hernandez Encinas" fullname="L. Hernandez Encinas"> <organization>Applied Physics Institute, CSIC, Madrid, Spain</organization> </author> <author initials="C." surname="Sanchez Avila" fullname="C. Sanchez Avila"> <organization>Polytechnic University, Madrid, Spain</organization> </author> <date year="2010" month="October"/> </front> </reference>
<reference anchor="BNT19" target="http://dx.doi.org/10.1007/978-3-030-26948-7_9"> <front> <title>Nonces Are Noticed: AEAD Revisited</title> <author initials="M." surname="Bellare" fullname="Mihir Bellare"> <organization>University of California, San Diego</organization> </author> <author initials="R."
surname="Ng" fullname="Ruth Ng"> <organization>University of California, San Diego</organization> </author> <author initials="B." surname="Tackmann" fullname="Björn Tackmann"> <organization>IBM Research</organization> </author> <date year="2019" month="August"/> </front> </reference>
<reference anchor="IMB"> <front> <title>Authentication and authenticated key exchanges</title> <author fullname="Whitfield Diffie" initials="W." surname="Diffie"> <organization/> </author> <author fullname="Paul C. Van Oorschot" initials="P." surname="Van Oorschot"> <organization/> </author> <author fullname="Michael J. Wiener" initials="M." surname="Wiener"> <organization/> </author> <date month="June" year="1992"/> </front> <seriesInfo name="DOI" value="10.1007/bf00124891"/> <refcontent>Designs, Codes and Cryptography, Vol. 2, pp. 107-125</refcontent> </reference>
<reference anchor="LGR20"> <front> <title>Partitioning Oracle Attacks</title> <author initials="J." surname="Len" fullname="Julia Len"> <organization>Cornell Tech</organization> </author> <author initials="P." surname="Grubbs" fullname="Paul Grubbs"> <organization>Cornell Tech</organization> </author> <author initials="T."
surname="Ristenpart" fullname="Thomas Ristenpart"> <organization>Cornell Tech</organization> </author> <date/> </front> </reference>
<reference anchor="TestVectors" target="https://github.com/cfrg/draft-irtf-cfrg-hpke/blob/5f503c564da00b0687b3de75f1dfbdfc4079ad31/test-vectors.json"> <front> <title>HPKE Test Vectors</title> <author> <organization/> </author> <date year="2021"/> </front> </reference>
<reference anchor="keyagreement"> <front> <title>Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography</title> <author fullname="Elaine Barker" initials="E." surname="Barker"> <organization/> </author> <author fullname="Lily Chen" initials="L." surname="Chen"> <organization/> </author> <author fullname="Allen Roginsky" initials="A." surname="Roginsky"> <organization/> </author> <author fullname="Apostol Vassilev" initials="A." surname="Vassilev"> <organization/> </author> <author fullname="Richard Davis" initials="R."
surname="Davis"> <organization/> </author> <date month="April" year="2018"/> </front> <seriesInfo name="DOI" value="10.6028/nist.sp.800-56ar3"/> <refcontent>NIST Special Publication 800-56A Revision 3</refcontent> </reference>
<reference anchor="NISTCurves"> <front> <title>Digital Signature Standard (DSS)</title> <author> <organization>National Institute of Standards and Technology (NIST)</organization> </author> <date month="July" year="2013"/> </front> <seriesInfo name="DOI" value="10.6028/nist.fips.186-4"/> <seriesInfo name="FIPS PUB" value="186-4"/> </reference>
<reference anchor="GCM"> <front> <title>Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</title> <author fullname="M. J. Dworkin" initials="M." surname="Dworkin"> <organization/> </author> <date year="2007" month="November"/> </front> <seriesInfo name="DOI" value="10.6028/nist.sp.800-38d"/> <seriesInfo name="SP" value="800-38D"/> </reference>
<reference anchor="NaCl" target="https://nacl.cr.yp.to/box.html"> <front> <title>Public-key authenticated encryption: crypto_box</title> <author> <organization/> </author> <date year="2019" month="March"/> </front> </reference>
<reference anchor="RFC1421" target="https://www.rfc-editor.org/info/rfc1421"> <front> <title>Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures</title> <seriesInfo name="DOI" value="10.17487/RFC1421"/> <seriesInfo name="RFC" value="1421"/> <author fullname="J. Linn" initials="J."
surname="Linn"> <organization/> </author> <date month="February" year="1993"/> <abstract> <t>This document defines message encryption and authentication procedures, in order to provide privacy-enhanced mail (PEM) services for electronic mail transfer in the Internet. [STANDARDS-TRACK]</t> </abstract> </front> </reference> <reference anchor="I-D.ietf-mls-protocol" target="https://www.ietf.org/archive/id/draft-ietf-mls-protocol-11.txt"> <front> <title>The Messaging Layer Security (MLS) Protocol</title> <seriesInfo name="Internet-Draft" value="draft-ietf-mls-protocol-11"/> <author fullname="Richard Barnes"> <organization>Cisco</organization> </author> <author fullname="Benjamin Beurdouche"> <organization>Inria</organization> </author> <author fullname="Jon Millican"> <organization>Facebook</organization> </author> <author fullname="Emad Omara"> <organization>Google</organization> </author> <author fullname="Katriel Cohn-Gordon"> <organization>University of Oxford</organization> </author> <author fullname="Raphael Robert"> <organization>Wire</organization> </author> <date day="22" month="December" year="2020"/> <abstract> <t> Messaging applications are increasingly making use of end-to-end security mechanisms to ensure that messages are only accessible to the communicating endpoints, and not to any servers involved in delivering messages. Establishing keys to provide such protections is challenging for group chat settings, in which more than two clients need to agree on a key but may not be online at the same time. In this document, we specify a key establishment protocol that provides efficient asynchronous group key establishment with forward secrecy and post-compromise security for groups in size ranging from two to thousands. 
</t> </abstract> </front> </reference> <reference anchor="I-D.ietf-tls-esni" target="https://www.ietf.org/archive/id/draft-ietf-tls-esni-13.txt"> <front> <title>TLS Encrypted Client Hello</title> <seriesInfo name="Internet-Draft" value="draft-ietf-tls-esni-13"/> <author fullname="Eric Rescorla"> <organization>RTFM, Inc.</organization> </author> <author fullname="Kazuho Oku"> <organization>Fastly</organization> </author> <author fullname="Nick Sullivan"> <organization>Cloudflare</organization> </author> <author fullname="Christopher A. Wood"> <organization>Cloudflare</organization> </author> <date day="12" month="August" year="2021"/> <abstract> <t> This document describes a mechanism in Transport Layer Security (TLS) for encrypting a ClientHello message under a server public key. Discussion Venues This note is to be removed before publishing as an RFC. Source for this draft and an issue tracker can be found at https://github.com/tlswg/draft-ietf-tls-esni (https://github.com/tlswg/draft-ietf-tls-esni). </t> </abstract> </front> </reference> <reference anchor="RFC7748" target="https://www.rfc-editor.org/info/rfc7748"> <front> <title>Elliptic Curves for Security</title> <seriesInfo name="DOI" value="10.17487/RFC7748"/> <seriesInfo name="RFC" value="7748"/> <author fullname="A. Langley" initials="A." surname="Langley"> <organization/> </author> <author fullname="M. Hamburg" initials="M." surname="Hamburg"> <organization/> </author> <author fullname="S. Turner" initials="S." surname="Turner"> <organization/> </author> <date month="January" year="2016"/> <abstract> <t>This memo specifies two elliptic curves over prime fields that offer a high level of practical security in cryptographic applications, including Transport Layer Security (TLS). 
These curves are intended to operate at the ~128-bit and ~224-bit security level, respectively, and are generated deterministically based on a list of required properties.</t> </abstract> </front> </reference> <reference anchor="RFC8446" target="https://www.rfc-editor.org/info/rfc8446"> <front> <title>The Transport Layer Security (TLS) Protocol Version 1.3</title> <seriesInfo name="DOI" value="10.17487/RFC8446"/> <seriesInfo name="RFC" value="8446"/> <author fullname="E. Rescorla" initials="E." surname="Rescorla"> <organization/> </author> <date month="August" year="2018"/> <abstract> <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t> <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t> </abstract> </front> </reference> <reference anchor="RFC5869" target="https://www.rfc-editor.org/info/rfc5869"> <front> <title>HMAC-based Extract-and-Expand Key Derivation Function (HKDF)</title> <seriesInfo name="DOI" value="10.17487/RFC5869"/> <seriesInfo name="RFC" value="5869"/> <author fullname="H. Krawczyk" initials="H." surname="Krawczyk"> <organization/> </author> <author fullname="P. Eronen" initials="P." surname="Eronen"> <organization/> </author> <date month="May" year="2010"/> <abstract> <t>This document specifies a simple Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF), which can be used as a building block in various protocols and applications. The key derivation function (KDF) is intended to support a wide range of applications and requirements, and is conservative in its use of cryptographic hash functions. 
This document is not an Internet Standards Track specification; it is published for informational purposes.</t> </abstract> </front> </reference>
<reference anchor="RFC8439" target="https://www.rfc-editor.org/info/rfc8439"> <front> <title>ChaCha20 and Poly1305 for IETF Protocols</title> <seriesInfo name="DOI" value="10.17487/RFC8439"/> <seriesInfo name="RFC" value="8439"/> <author fullname="Y. Nir" initials="Y." surname="Nir"> <organization/> </author> <author fullname="A. Langley" initials="A." surname="Langley"> <organization/> </author> <date month="June" year="2018"/> <abstract> <t>This document defines the ChaCha20 stream cipher as well as the use of the Poly1305 authenticator, both as stand-alone algorithms and as a "combined mode", or Authenticated Encryption with Associated Data (AEAD) algorithm.</t> <t>RFC 7539, the predecessor of this document, was meant to serve as a stable reference and an implementation guide. It was a product of the Crypto Forum Research Group (CFRG). This document merges the errata filed against RFC 7539 and adds a little text to the Security Considerations section.</t> </abstract> </front> </reference>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.1421.xml"/>
<!-- [I-D.ietf-mls-protocol] IESG state I-D Exists -->
<xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.ietf-mls-protocol.xml"/>
<!-- [I-D.ietf-tls-esni] IESG state I-D Exists -->
<xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.ietf-tls-esni.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7748.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8446.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5869.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8439.xml"/>
<reference anchor="BJM97"> <front> <title>Key agreement protocols and their security
analysis: Extended Abstract</title> <author fullname="Simon Blake-Wilson" initials="S." surname="Blake-Wilson"> <organization/> </author> <author fullname="Don Johnson" initials="D." surname="Johnson"> <organization/> </author> <author fullname="Alfred Menezes" initials="A." surname="Menezes"> <organization/> </author> <date year="2005" month="June"/> </front> <seriesInfo name="DOI" value="10.1007/bfb0024447"/> <refcontent>Crytography and Coding, pp. 30-45</refcontent> </reference>
<reference anchor="RFC8696" target="https://www.rfc-editor.org/info/rfc8696"> <front> <title>Using Pre-Shared Key (PSK) in the Cryptographic Message Syntax (CMS)</title> <seriesInfo name="DOI" value="10.17487/RFC8696"/> <seriesInfo name="RFC" value="8696"/> <author fullname="R. Housley" initials="R." surname="Housley"> <organization/> </author> <date month="December" year="2019"/> <abstract> <t>The invention of a large-scale quantum computer would pose a serious challenge for the cryptographic algorithms that are widely deployed today. The Cryptographic Message Syntax (CMS) supports key transport and key agreement algorithms that could be broken by the invention of such a quantum computer. By storing communications that are protected with the CMS today, someone could decrypt them in the future when a large-scale quantum computer becomes available. Once quantum-secure key management algorithms are available, the CMS will be extended to support the new algorithms if the existing syntax does not accommodate them.
This document describes a mechanism to protect today's communication from the future invention of a large-scale quantum computer by mixing the output of key transport and key agreement algorithms with a pre-shared key.</t> </abstract> </front> </reference>
<reference anchor="RFC8937" target="https://www.rfc-editor.org/info/rfc8937"> <front> <title>Randomness Improvements for Security Protocols</title> <seriesInfo name="DOI" value="10.17487/RFC8937"/> <seriesInfo name="RFC" value="8937"/> <author fullname="C. Cremers" initials="C." surname="Cremers"> <organization/> </author> <author fullname="L. Garratt" initials="L." surname="Garratt"> <organization/> </author> <author fullname="S. Smyshlyaev" initials="S." surname="Smyshlyaev"> <organization/> </author> <author fullname="N. Sullivan" initials="N." surname="Sullivan"> <organization/> </author> <author fullname="C. Wood" initials="C." surname="Wood"> <organization/> </author> <date month="October" year="2020"/> <abstract> <t>Randomness is a crucial ingredient for Transport Layer Security (TLS) and related security protocols. Weak or predictable "cryptographically secure" pseudorandom number generators (CSPRNGs) can be abused or exploited for malicious purposes. An initial entropy source that seeds a CSPRNG might be weak or broken as well, which can also lead to critical and systemic security problems. This document describes a way for security protocol implementations to augment their CSPRNGs using long-term private keys. This improves randomness from broken or otherwise subverted CSPRNGs.</t> <t>This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.</t> </abstract> </front> </reference>
<reference anchor="RFC8467" target="https://www.rfc-editor.org/info/rfc8467"> <front> <title>Padding Policies for Extension Mechanisms for DNS (EDNS(0))</title> <seriesInfo name="DOI" value="10.17487/RFC8467"/> <seriesInfo name="RFC" value="8467"/> <author fullname="A.
Mayrhofer" initials="A." surname="Mayrhofer"> <organization/> </author> <date month="October" year="2018"/> <abstract> <t>RFC 7830 specifies the "Padding" option for Extension Mechanisms for DNS (EDNS(0)) but does not specify the actual padding length for specific applications. This memo lists the possible options ("padding policies"), discusses the implications of each option,value="10.1007/bfb0024447"/> <refcontent>Crytography andprovides a recommended (experimental) option.</t> </abstract> </front>Coding, pp. 30-45</refcontent> </reference> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8696.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8937.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8467.xml"/> </references> </references> <section anchor="test-vectors" numbered="true" toc="default"> <name>Test Vectors</name> <t>Each section below contains test vectors for a single HPKE ciphersuite and contains the following values:</t> <ol spacing="normal" type="1"> <li>Configuration information and private key material: This includes the <tt>mode</tt>, <tt>info</tt> string, HPKE ciphersuite identifiers (<tt>kem_id</tt>, <tt>kdf_id</tt>, <tt>aead_id</tt>), and all sender, recipient, and ephemeral key material. For each role X, where X is one of S, R, orEE, as sender, recipient, and ephemeral, respectively, key pairs are generated as <tt>(skX, pkX) = DeriveKeyPair(ikmX)</tt>. Each key pair <tt>(skX, pkX)</tt> is written in its serialized form, where <tt>skXm = SerializePrivateKey(skX)</tt> and <tt>pkXm = SerializePublicKey(pkX)</tt>. 
For applicable modes, the shared PSK and PSK identifier are also included.</li> <li>Context creation intermediate values and outputs: This includes the KEM outputs <tt>enc</tt> and <tt>shared_secret</tt> used to create the context, along with intermediate values <tt>key_schedule_context</tt> and <tt>secret</tt> computed in the KeySchedule function in <xref target="encryption-context" format="default"/>. The outputs include the context values <tt>key</tt>, <tt>base_nonce</tt>, and <tt>exporter_secret</tt>.</li> <li>Encryption test vectors: A fixed plaintext message is encrypted using different sequence numbers andAADassociated data values using the context computed in (2). Each test vector lists the sequence number and corresponding nonce computed with <tt>base_nonce</tt>, the plaintext message <tt>pt</tt>,AADassociated data <tt>aad</tt>, and output ciphertext <tt>ct</tt>.</li> <li>Export test vectors: Several exported values of the same length with differing context parameters are computed using the context computed in (2). 
Each test vector lists the <tt>exporter_context</tt>, output length <tt>L</tt>, and resulting export value.</li> </ol> <t>These test vectors are also available in JSON format at <xref target="TestVectors" format="default"/>.</t> <section anchor="dhkemx25519-hkdf-sha256-hkdf-sha256-aes-128-gcm" numbered="true" toc="default"> <name>DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, AES-128-GCM</name> <section anchor="base-setup-information" numbered="true" toc="default"> <name>Base Setup Information</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ mode: 0 kem_id: 32 kdf_id: 1 aead_id: 1 info: 4f6465206f6e2061204772656369616e2055726e ikmE: 7268600d403fce431561aef583ee1613527cff655c1343f29812e66706df3234 pkEm: 37fda3567bdbd628e88668c3c8d7e97d1d1253b6d4ea6d44c150f741f1bf4431 skEm: 52c4a758a802cd8b936eceea314432798d5baf2d7e9235dc084ab1b9cfa2f736 ikmR: 6db9df30aa07dd42ee5e8181afdb977e538f5e1fec8a06223f33f7013e525037 pkRm: 3948cfe0ad1ddb695d780e59077195da6c56506b027329794ab02bca80815c4d skRm: 4612c550263fc8ad58375df3f557aac531d26850903e55a9f23f21d8534e8ac8 enc: 37fda3567bdbd628e88668c3c8d7e97d1d1253b6d4ea6d44c150f741f1bf4431 shared_secret: fe0e18c9f024ce43799ae393c7e8fe8fce9d218875e8227b0187c04e7d2ea1fc key_schedule_context:00725611c9d98c07c03f60095cd32d400d8347d45ed67097bb ad50fc56da742d07cb6cffde367bb0565ba28bb02c90744a20f5ef37f30523526106f637 abb0544900725611c9d98c07c03f60095cd32d400d8347d45ed670 97bbad50fc56da742d07cb6cffde367bb0565ba28bb02c90744a20f5ef37f3052352 6106f637abb05449 secret: 12fff91991e93b48de37e7daddb52981084bd8aa64289c3788471d9a9712f397 key: 4531685d41d65f03dc48f6b8302c05b0 base_nonce: 56d890e5accaaf011cff4b7d exporter_secret: 45ff1c2e220db587171952c0592d5f5ebe103f1561a2614e38f2ffd47e99e3f8]]></artwork>]]></sourcecode> <section anchor="encryptions" numbered="true" toc="default"> <name>Encryptions</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ sequence number: 0 
pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d30 nonce: 56d890e5accaaf011cff4b7d ct:f938558b5d72f1a23810b4be2ab4f84331acc02fc97babc53a52ae8218a355a96d87 70ac83d07bea87e13c512af938558b5d72f1a23810b4be2ab4f84331acc02fc97babc53a52ae8218a355a9 6d8770ac83d07bea87e13c512a sequence number: 1 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d31 nonce: 56d890e5accaaf011cff4b7c ct:af2d7e9ac9ae7e270f46ba1f975be53c09f8d875bdc8535458c2494e8a6eab251c03 d0c22a56b8ca42c2063b84af2d7e9ac9ae7e270f46ba1f975be53c09f8d875bdc8535458c2494e8a6eab25 1c03d0c22a56b8ca42c2063b84 sequence number: 2 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d32 nonce: 56d890e5accaaf011cff4b7f ct:498dfcabd92e8acedc281e85af1cb4e3e31c7dc394a1ca20e173cb72516491588d96 a19ad4a683518973dcc180498dfcabd92e8acedc281e85af1cb4e3e31c7dc394a1ca20e173cb7251649158 8d96a19ad4a683518973dcc180 sequence number: 4 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d34 nonce: 56d890e5accaaf011cff4b79 ct:583bd32bc67a5994bb8ceaca813d369bca7b2a42408cddef5e22f880b631215a09fc 0012bc69fccaa251c0246d583bd32bc67a5994bb8ceaca813d369bca7b2a42408cddef5e22f880b631215a 09fc0012bc69fccaa251c0246d sequence number: 255 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323535 nonce: 56d890e5accaaf011cff4b82 ct:7175db9717964058640a3a11fb9007941a5d1757fda1a6935c805c21af32505bf106 deefec4a49ac38d71c9e0a7175db9717964058640a3a11fb9007941a5d1757fda1a6935c805c21af32505b f106deefec4a49ac38d71c9e0a sequence number: 256 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323536 nonce: 56d890e5accaaf011cff4a7d ct:957f9800542b0b8891badb026d79cc54597cb2d225b54c00c5238c25d05c30e3fbed a97d2e0e1aba483a2df9f2 ]]></artwork>957f9800542b0b8891badb026d79cc54597cb2d225b54c00c5238c25d05c30e3 fbeda97d2e0e1aba483a2df9f2 ]]></sourcecode> </section> <section anchor="exported-values" 
numbered="true" toc="default"> <name>Exported Values</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ exporter_context: L: 32 exported_value: 3853fe2b4035195a573ffc53856e77058e15d9ea064de3e59f4961d0095250ee exporter_context: 00 L: 32 exported_value: 2e8f0b54673c7029649d4eb9d5e33bf1872cf76d623ff164ac185da9e88c21a5 exporter_context: 54657374436f6e74657874 L: 32 exported_value: e9e43065102c3836401bed8c3c3c75ae46be1639869391d62c61f1ec7af54931]]></artwork>]]></sourcecode> </section> </section> <section anchor="psk-setup-information" numbered="true" toc="default"> <name>PSK Setup Information</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ mode: 1 kem_id: 32 kdf_id: 1 aead_id: 1 info: 4f6465206f6e2061204772656369616e2055726e ikmE: 78628c354e46f3e169bd231be7b2ff1c77aa302460a26dbfa15515684c00130b pkEm: 0ad0950d9fb9588e59690b74f1237ecdf1d775cd60be2eca57af5a4b0471c91b skEm: 463426a9ffb42bb17dbe6044b9abd1d4e4d95f9041cef0e99d7824eef2b6f588 ikmR: d4a09d09f575fef425905d2ab396c1449141463f698f8efdb7accfaff8995098 pkRm: 9fed7e8c17387560e92cc6462a68049657246a09bfa8ade7aefe589672016366 skRm: c5eb01eb457fe6c6f57577c5413b931550a162c71a03ac8d196babbd4e5ce0fd psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 psk_id: 456e6e796e20447572696e206172616e204d6f726961 enc: 0ad0950d9fb9588e59690b74f1237ecdf1d775cd60be2eca57af5a4b0471c91b shared_secret: 727699f009ffe3c076315019c69648366b69171439bd7dd0807743bde76986cd key_schedule_context:01e78d5cf6190d275863411ff5edd0dece5d39fa48e04eec1e d9b71be34729d18ccb6cffde367bb0565ba28bb02c90744a20f5ef37f30523526106f637 abb0544901e78d5cf6190d275863411ff5edd0dece5d39fa48e04e ec1ed9b71be34729d18ccb6cffde367bb0565ba28bb02c90744a20f5ef37f3052352 6106f637abb05449 secret: 3728ab0b024b383b0381e432b47cced1496d2516957a76e2a9f5c8cb947afca4 key: 15026dba546e3ae05836fc7de5a7bb26 base_nonce: 9518635eba129d5ce0914555 exporter_secret: 
3d76025dbbedc49448ec3f9080a1abab6b06e91c0b11ad23c912f043a0ee7655]]></artwork>]]></sourcecode> <section anchor="encryptions-1" numbered="true" toc="default"> <name>Encryptions</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ sequence number: 0 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d30 nonce: 9518635eba129d5ce0914555 ct:e52c6fed7f758d0cf7145689f21bc1be6ec9ea097fef4e959440012f4feb73fb611b 946199e681f4cfc34db8eae52c6fed7f758d0cf7145689f21bc1be6ec9ea097fef4e959440012f4feb73fb 611b946199e681f4cfc34db8ea sequence number: 1 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d31 nonce: 9518635eba129d5ce0914554 ct:49f3b19b28a9ea9f43e8c71204c00d4a490ee7f61387b6719db765e948123b45b616 33ef059ba22cd62437c8ba49f3b19b28a9ea9f43e8c71204c00d4a490ee7f61387b6719db765e948123b45 b61633ef059ba22cd62437c8ba sequence number: 2 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d32 nonce: 9518635eba129d5ce0914557 ct:257ca6a08473dc851fde45afd598cc83e326ddd0abe1ef23baa3baa4dd8cde99fce2 c1e8ce687b0b47ead1adc9257ca6a08473dc851fde45afd598cc83e326ddd0abe1ef23baa3baa4dd8cde99 fce2c1e8ce687b0b47ead1adc9 sequence number: 4 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d34 nonce: 9518635eba129d5ce0914551 ct:a71d73a2cd8128fcccbd328b9684d70096e073b59b40b55e6419c9c68ae21069c847 e2a70f5d8fb821ce3dfb1ca71d73a2cd8128fcccbd328b9684d70096e073b59b40b55e6419c9c68ae21069 c847e2a70f5d8fb821ce3dfb1c sequence number: 255 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323535 nonce: 9518635eba129d5ce09145aa ct:55f84b030b7f7197f7d7d552365b6b932df5ec1abacd30241cb4bc4ccea27bd2b518 766adfa0fb1b71170e939255f84b030b7f7197f7d7d552365b6b932df5ec1abacd30241cb4bc4ccea27bd2 b518766adfa0fb1b71170e9392 sequence number: 256 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323536 nonce: 
9518635eba129d5ce0914455 ct:c5bf246d4a790a12dcc9eed5eae525081e6fb541d5849e9ce8abd92a3bc1551776be a16b4a518f23e237c14b59 ]]></artwork>c5bf246d4a790a12dcc9eed5eae525081e6fb541d5849e9ce8abd92a3bc15517 76bea16b4a518f23e237c14b59 ]]></sourcecode> </section> <section anchor="exported-values-1" numbered="true" toc="default"> <name>Exported Values</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ exporter_context: L: 32 exported_value: dff17af354c8b41673567db6259fd6029967b4e1aad13023c2ae5df8f4f43bf6 exporter_context: 00 L: 32 exported_value: 6a847261d8207fe596befb52928463881ab493da345b10e1dcc645e3b94e2d95 exporter_context: 54657374436f6e74657874 L: 32 exported_value: 8aff52b45a1be3a734bc7a41e20b4e055ad4c4d22104b0c20285a7c4302401cd]]></artwork>]]></sourcecode> </section> </section> <section anchor="auth-setup-information" numbered="true" toc="default"> <name>Auth Setup Information</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ mode: 2 kem_id: 32 kdf_id: 1 aead_id: 1 info: 4f6465206f6e2061204772656369616e2055726e ikmE: 6e6d8f200ea2fb20c30b003a8b4f433d2f4ed4c2658d5bc8ce2fef718059c9f7 pkEm: 23fb952571a14a25e3d678140cd0e5eb47a0961bb18afcf85896e5453c312e76 skEm: ff4442ef24fbc3c1ff86375b0be1e77e88a0de1e79b30896d73411c5ff4c3518 ikmR: f1d4a30a4cef8d6d4e3b016e6fd3799ea057db4f345472ed302a67ce1c20cdec pkRm: 1632d5c2f71c2b38d0a8fcc359355200caa8b1ffdf28618080466c909cb69b2e skRm: fdea67cf831f1ca98d8e27b1f6abeb5b7745e9d35348b80fa407ff6958f9137e ikmS: 94b020ce91d73fca4649006c7e7329a67b40c55e9e93cc907d282bbbff386f58 pkSm: 8b0c70873dc5aecb7f9ee4e62406a397b350e57012be45cf53b7105ae731790b skSm: dc4a146313cce60a278a5323d321f051c5707e9c45ba21a3479fecdf76fc69dd enc: 23fb952571a14a25e3d678140cd0e5eb47a0961bb18afcf85896e5453c312e76 shared_secret: 2d6db4cf719dc7293fcbf3fa64690708e44e2bebc81f84608677958c0d4448a7 key_schedule_context:02725611c9d98c07c03f60095cd32d400d8347d45ed67097bb 
ad50fc56da742d07cb6cffde367bb0565ba28bb02c90744a20f5ef37f30523526106f637 abb0544902725611c9d98c07c03f60095cd32d400d8347d45ed670 97bbad50fc56da742d07cb6cffde367bb0565ba28bb02c90744a20f5ef37f3052352 6106f637abb05449 secret: 56c62333d9d9f7767f5b083fdfce0aa7e57e301b74029bb0cffa7331385f1dda key: b062cb2c4dd4bca0ad7c7a12bbc341e6 base_nonce: a1bc314c1942ade7051ffed0 exporter_secret: ee1a093e6e1c393c162ea98fdf20560c75909653550540a2700511b65c88c6f1]]></artwork>]]></sourcecode> <section anchor="encryptions-2" numbered="true" toc="default"> <name>Encryptions</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ sequence number: 0 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d30 nonce: a1bc314c1942ade7051ffed0 ct:5fd92cc9d46dbf8943e72a07e42f363ed5f721212cd90bcfd072bfd9f44e06b80fd1 7824947496e21b680c141b5fd92cc9d46dbf8943e72a07e42f363ed5f721212cd90bcfd072bfd9f44e06b8 0fd17824947496e21b680c141b sequence number: 1 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d31 nonce: a1bc314c1942ade7051ffed1 ct:d3736bb256c19bfa93d79e8f80b7971262cb7c887e35c26370cfed62254369a1b52e 3d505b79dd699f002bc8edd3736bb256c19bfa93d79e8f80b7971262cb7c887e35c26370cfed62254369a1 b52e3d505b79dd699f002bc8ed sequence number: 2 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d32 nonce: a1bc314c1942ade7051ffed2 ct:122175cfd5678e04894e4ff8789e85dd381df48dcaf970d52057df2c9acc3b121313 a2bfeaa986050f82d93645122175cfd5678e04894e4ff8789e85dd381df48dcaf970d52057df2c9acc3b12 1313a2bfeaa986050f82d93645 sequence number: 4 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d34 nonce: a1bc314c1942ade7051ffed4 ct:dae12318660cf963c7bcbef0f39d64de3bf178cf9e585e756654043cc5059873bc8a f190b72afc43d1e0135adadae12318660cf963c7bcbef0f39d64de3bf178cf9e585e756654043cc5059873 bc8af190b72afc43d1e0135ada sequence number: 255 pt: 
4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323535 nonce: a1bc314c1942ade7051ffe2f ct:55d53d85fe4d9e1e97903101eab0b4865ef20cef28765a47f840ff99625b7d69dee9 27df1defa66a036fc58ff255d53d85fe4d9e1e97903101eab0b4865ef20cef28765a47f840ff99625b7d69 dee927df1defa66a036fc58ff2 sequence number: 256 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323536 nonce: a1bc314c1942ade7051fffd0 ct:42fa248a0e67ccca688f2b1d13ba4ba84755acf764bd797c8f7ba3b9b1dc3330326f 8d172fef6003c79ec72319 ]]></artwork>42fa248a0e67ccca688f2b1d13ba4ba84755acf764bd797c8f7ba3b9b1dc3330 326f8d172fef6003c79ec72319 ]]></sourcecode> </section> <section anchor="exported-values-2" numbered="true" toc="default"> <name>Exported Values</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ exporter_context: L: 32 exported_value: 28c70088017d70c896a8420f04702c5a321d9cbf0279fba899b59e51bac72c85 exporter_context: 00 L: 32 exported_value: 25dfc004b0892be1888c3914977aa9c9bbaf2c7471708a49e1195af48a6f29ce exporter_context: 54657374436f6e74657874 L: 32 exported_value: 5a0131813abc9a522cad678eb6bafaabc43389934adb8097d23c5ff68059eb64]]></artwork>]]></sourcecode> </section> </section> <section anchor="authpsk-setup-information" numbered="true" toc="default"> <name>AuthPSK Setup Information</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ mode: 3 kem_id: 32 kdf_id: 1 aead_id: 1 info: 4f6465206f6e2061204772656369616e2055726e ikmE: 4303619085a20ebcf18edd22782952b8a7161e1dbae6e46e143a52a96127cf84 pkEm: 820818d3c23993492cc5623ab437a48a0a7ca3e9639c140fe1e33811eb844b7c skEm: 14de82a5897b613616a00c39b87429df35bc2b426bcfd73febcb45e903490768 ikmR: 4b16221f3b269a88e207270b5e1de28cb01f847841b344b8314d6a622fe5ee90 pkRm: 1d11a3cd247ae48e901939659bd4d79b6b959e1f3e7d66663fbc9412dd4e0976 skRm: cb29a95649dc5656c2d054c1aa0d3df0493155e9d5da6d7e344ed8b6a64a9423 ikmS: 
62f77dcf5df0dd7eac54eac9f654f426d4161ec850cc65c54f8b65d2e0b4e345 pkSm: 2bfb2eb18fcad1af0e4f99142a1c474ae74e21b9425fc5c589382c69b50cc57e skSm: fc1c87d2f3832adb178b431fce2ac77c7ca2fd680f3406c77b5ecdf818b119f4 psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 psk_id: 456e6e796e20447572696e206172616e204d6f726961 enc: 820818d3c23993492cc5623ab437a48a0a7ca3e9639c140fe1e33811eb844b7c shared_secret: f9d0e870aba28d04709b2680cb8185466c6a6ff1d6e9d1091d5bf5e10ce3a577 key_schedule_context:03e78d5cf6190d275863411ff5edd0dece5d39fa48e04eec1e d9b71be34729d18ccb6cffde367bb0565ba28bb02c90744a20f5ef37f30523526106f637 abb0544903e78d5cf6190d275863411ff5edd0dece5d39fa48e04e ec1ed9b71be34729d18ccb6cffde367bb0565ba28bb02c90744a20f5ef37f3052352 6106f637abb05449 secret: 5f96c55e4108c6691829aaabaa7d539c0b41d7c72aae94ae289752f056b6cec4 key: 1364ead92c47aa7becfa95203037b19a base_nonce: 99d8b5c54669807e9fc70df1 exporter_secret: f048d55eacbf60f9c6154bd4021774d1075ebf963c6adc71fa846f183ab2dde6]]></artwork>]]></sourcecode> <section anchor="encryptions-3" numbered="true" toc="default"> <name>Encryptions</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ sequence number: 0 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d30 nonce: 99d8b5c54669807e9fc70df1 ct:a84c64df1e11d8fd11450039d4fe64ff0c8a99fca0bd72c2d4c3e0400bc14a40f27e 45e141a24001697737533ea84c64df1e11d8fd11450039d4fe64ff0c8a99fca0bd72c2d4c3e0400bc14a40 f27e45e141a24001697737533e sequence number: 1 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d31 nonce: 99d8b5c54669807e9fc70df0 ct:4d19303b848f424fc3c3beca249b2c6de0a34083b8e909b6aa4c3688505c05ffe0c8 f57a0a4c5ab9da127435d94d19303b848f424fc3c3beca249b2c6de0a34083b8e909b6aa4c3688505c05ff e0c8f57a0a4c5ab9da127435d9 sequence number: 2 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d32 nonce: 99d8b5c54669807e9fc70df3 
ct:0c085a365fbfa63409943b00a3127abce6e45991bc653f182a80120868fc507e9e4d 5e37bcc384fc8f14153b240c085a365fbfa63409943b00a3127abce6e45991bc653f182a80120868fc507e 9e4d5e37bcc384fc8f14153b24 sequence number: 4 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d34 nonce: 99d8b5c54669807e9fc70df5 ct:000a3cd3a3523bf7d9796830b1cd987e841a8bae6561ebb6791a3f0e34e89a4fb539 faeee3428b8bbc082d2c1a000a3cd3a3523bf7d9796830b1cd987e841a8bae6561ebb6791a3f0e34e89a4f b539faeee3428b8bbc082d2c1a sequence number: 255 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323535 nonce: 99d8b5c54669807e9fc70d0e ct:576d39dd2d4cc77d1a14a51d5c5f9d5e77586c3d8d2ab33bdec6379e28ce5c502f0b 1cbd09047cf9eb9269bb52576d39dd2d4cc77d1a14a51d5c5f9d5e77586c3d8d2ab33bdec6379e28ce5c50 2f0b1cbd09047cf9eb9269bb52 sequence number: 256 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323536 nonce: 99d8b5c54669807e9fc70cf1 ct:13239bab72e25e9fd5bb09695d23c90a24595158b99127505c8a9ff9f127e0d657f7 1af59d67d4f4971da028f9 ]]></artwork>13239bab72e25e9fd5bb09695d23c90a24595158b99127505c8a9ff9f127e0d6 57f71af59d67d4f4971da028f9 ]]></sourcecode> </section> <section anchor="exported-values-3" numbered="true" toc="default"> <name>Exported Values</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ exporter_context: L: 32 exported_value: 08f7e20644bb9b8af54ad66d2067457c5f9fcb2a23d9f6cb4445c0797b330067 exporter_context: 00 L: 32 exported_value: 52e51ff7d436557ced5265ff8b94ce69cf7583f49cdb374e6aad801fc063b010 exporter_context: 54657374436f6e74657874 L: 32 exported_value: a30c20370c026bbea4dca51cb63761695132d342bae33a6a11527d3e7679436d]]></artwork>]]></sourcecode> </section> </section> </section> <section anchor="dhkemx25519-hkdf-sha256-hkdf-sha256-chacha20poly1305" numbered="true" toc="default"> <name>DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, ChaCha20Poly1305</name> <section 
anchor="base-setup-information-1" numbered="true" toc="default"> <name>Base Setup Information</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ mode: 0 kem_id: 32 kdf_id: 1 aead_id: 3 info: 4f6465206f6e2061204772656369616e2055726e ikmE: 909a9b35d3dc4713a5e72a4da274b55d3d3821a37e5d099e74a647db583a904b pkEm: 1afa08d3dec047a643885163f1180476fa7ddb54c6a8029ea33f95796bf2ac4a skEm: f4ec9b33b792c372c1d2c2063507b684ef925b8c75a42dbcbf57d63ccd381600 ikmR: 1ac01f181fdf9f352797655161c58b75c656a6cc2716dcb66372da835542e1df pkRm: 4310ee97d88cc1f088a5576c77ab0cf5c3ac797f3d95139c6c84b5429c59662a skRm: 8057991eef8f1f1af18f4a9491d16a1ce333f695d4db8e38da75975c4478e0fb enc: 1afa08d3dec047a643885163f1180476fa7ddb54c6a8029ea33f95796bf2ac4a shared_secret: 0bbe78490412b4bbea4812666f7916932b828bba79942424abb65244930d69a7 key_schedule_context:00431df6cd95e11ff49d7013563baf7f11588c75a6611ee2a4 404a49306ae4cfc5b69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1e798c0bb 19eb979600431df6cd95e11ff49d7013563baf7f11588c75a6611e e2a4404a49306ae4cfc5b69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1 e798c0bb19eb9796 secret: 5b9cd775e64b437a2335cf499361b2e0d5e444d5cb41a8a53336d8fe402282c6 key: ad2744de8e17f4ebba575b3f5f5a8fa1f69c2a07f6e7500bc60ca6e3e3ec1c91 base_nonce: 5c4d98150661b848853b547f exporter_secret: a3b010d4994890e2c6968a36f64470d3c824c8f5029942feb11e7a74b2921922]]></artwork>]]></sourcecode> <section anchor="encryptions-4" numbered="true" toc="default"> <name>Encryptions</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ sequence number: 0 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d30 nonce: 5c4d98150661b848853b547f ct:1c5250d8034ec2b784ba2cfd69dbdb8af406cfe3ff938e131f0def8c8b60b4db2199 3c62ce81883d2dd1b51a281c5250d8034ec2b784ba2cfd69dbdb8af406cfe3ff938e131f0def8c8b60b4db 21993c62ce81883d2dd1b51a28 sequence number: 1 pt: 
4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d31 nonce: 5c4d98150661b848853b547e ct:6b53c051e4199c518de79594e1c4ab18b96f081549d45ce015be002090bb119e8528 5337cc95ba5f59992dc98c6b53c051e4199c518de79594e1c4ab18b96f081549d45ce015be002090bb119e 85285337cc95ba5f59992dc98c sequence number: 2 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d32 nonce: 5c4d98150661b848853b547d ct:71146bd6795ccc9c49ce25dda112a48f202ad220559502cef1f34271e0cb4b02b4f1 0ecac6f48c32f878fae86b71146bd6795ccc9c49ce25dda112a48f202ad220559502cef1f34271e0cb4b02 b4f10ecac6f48c32f878fae86b sequence number: 4 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d34 nonce: 5c4d98150661b848853b547b ct:63357a2aa291f5a4e5f27db6baa2af8cf77427c7c1a909e0b37214dd47db122bb153 495ff0b02e9e54a50dbe1663357a2aa291f5a4e5f27db6baa2af8cf77427c7c1a909e0b37214dd47db122b b153495ff0b02e9e54a50dbe16 sequence number: 255 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323535 nonce: 5c4d98150661b848853b5480 ct:18ab939d63ddec9f6ac2b60d61d36a7375d2070c9b683861110757062c52b8880a5f 6b3936da9cd6c23ef2a95c18ab939d63ddec9f6ac2b60d61d36a7375d2070c9b683861110757062c52b888 0a5f6b3936da9cd6c23ef2a95c sequence number: 256 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323536 nonce: 5c4d98150661b848853b557f ct:7a4a13e9ef23978e2c520fd4d2e757514ae160cd0cd05e556ef692370ca53076214c 0c40d4c728d6ed9e727a5b ]]></artwork>7a4a13e9ef23978e2c520fd4d2e757514ae160cd0cd05e556ef692370ca53076 214c0c40d4c728d6ed9e727a5b ]]></sourcecode> </section> <section anchor="exported-values-4" numbered="true" toc="default"> <name>Exported Values</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ exporter_context: L: 32 exported_value: 4bbd6243b8bb54cec311fac9df81841b6fd61f56538a775e7c80a9f40160606e exporter_context: 00 L: 32 exported_value: 
8c1df14732580e5501b00f82b10a1647b40713191b7c1240ac80e2b68808ba69 exporter_context: 54657374436f6e74657874 L: 32 exported_value: 5acb09211139c43b3090489a9da433e8a30ee7188ba8b0a9a1ccf0c229283e53]]></artwork>]]></sourcecode> </section> </section> <section anchor="psk-setup-information-1" numbered="true" toc="default"> <name>PSK Setup Information</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ mode: 1 kem_id: 32 kdf_id: 1 aead_id: 3 info: 4f6465206f6e2061204772656369616e2055726e ikmE: 35706a0b09fb26fb45c39c2f5079c709c7cf98e43afa973f14d88ece7e29c2e3 pkEm: 2261299c3f40a9afc133b969a97f05e95be2c514e54f3de26cbe5644ac735b04 skEm: 0c35fdf49df7aa01cd330049332c40411ebba36e0c718ebc3edf5845795f6321 ikmR: 26b923eade72941c8a85b09986cdfa3f1296852261adedc52d58d2930269812b pkRm: 13640af826b722fc04feaa4de2f28fbd5ecc03623b317834e7ff4120dbe73062 skRm: 77d114e0212be51cb1d76fa99dd41cfd4d0166b08caa09074430a6c59ef17879 psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 psk_id: 456e6e796e20447572696e206172616e204d6f726961 enc: 2261299c3f40a9afc133b969a97f05e95be2c514e54f3de26cbe5644ac735b04 shared_secret: 4be079c5e77779d0215b3f689595d59e3e9b0455d55662d1f3666ec606e50ea7 key_schedule_context:016870c4c76ca38ae43efbec0f2377d109499d7ce73f4a9e1e c37f21d3d063b97cb69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1e798c0bb 19eb9796016870c4c76ca38ae43efbec0f2377d109499d7ce73f4a 9e1ec37f21d3d063b97cb69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1 e798c0bb19eb9796 secret: 16974354c497c9bd24c000ceed693779b604f1944975b18c442d373663f4a8cc key: 600d2fdb0313a7e5c86a9ce9221cd95bed069862421744cfb4ab9d7203a9c019 base_nonce: 112e0465562045b7368653e7 exporter_secret: 73b506dc8b6b4269027f80b0362def5cbb57ee50eed0c2873dac9181f453c5ac]]></artwork>]]></sourcecode> <section anchor="encryptions-5" numbered="true" toc="default"> <name>Encryptions</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ sequence 
number: 0 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d30 nonce: 112e0465562045b7368653e7 ct:4a177f9c0d6f15cfdf533fb65bf84aecdc6ab16b8b85b4cf65a370e07fc1d78d28fb 073214525276f4a89608ff4a177f9c0d6f15cfdf533fb65bf84aecdc6ab16b8b85b4cf65a370e07fc1d78d 28fb073214525276f4a89608ff sequence number: 1 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d31 nonce: 112e0465562045b7368653e6 ct:5c3cabae2f0b3e124d8d864c116fd8f20f3f56fda988c3573b40b09997fd6c769e77 c8eda6cda4f947f5b704a85c3cabae2f0b3e124d8d864c116fd8f20f3f56fda988c3573b40b09997fd6c76 9e77c8eda6cda4f947f5b704a8 sequence number: 2 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d32 nonce: 112e0465562045b7368653e5 ct:14958900b44bdae9cbe5a528bf933c5c990dbb8e282e6e495adf8205d19da9eb270e 3a6f1e0613ab7e757962a414958900b44bdae9cbe5a528bf933c5c990dbb8e282e6e495adf8205d19da9eb 270e3a6f1e0613ab7e757962a4 sequence number: 4 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d34 nonce: 112e0465562045b7368653e3 ct:c2a7bc09ddb853cf2effb6e8d058e346f7fe0fb3476528c80db6b698415c5f8c50b6 8a9a355609e96d2117f8d3c2a7bc09ddb853cf2effb6e8d058e346f7fe0fb3476528c80db6b698415c5f8c 50b68a9a355609e96d2117f8d3 sequence number: 255 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323535 nonce: 112e0465562045b736865318 ct:2414d0788e4bc39a59a26d7bd5d78e111c317d44c37bd5a4c2a1235f2ddc2085c487 d406490e75210c958724a72414d0788e4bc39a59a26d7bd5d78e111c317d44c37bd5a4c2a1235f2ddc2085 c487d406490e75210c958724a7 sequence number: 256 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323536 nonce: 112e0465562045b7368652e7 ct:c567ae1c3f0f75abe1dd9e4532b422600ed4a6e5b9484dafb1e43ab9f5fd662b28c0 0e2e81d3cde955dae7e218 ]]></artwork>c567ae1c3f0f75abe1dd9e4532b422600ed4a6e5b9484dafb1e43ab9f5fd662b 28c00e2e81d3cde955dae7e218 ]]></sourcecode> </section> <section 
anchor="exported-values-5" numbered="true" toc="default"> <name>Exported Values</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ exporter_context: L: 32 exported_value: 813c1bfc516c99076ae0f466671f0ba5ff244a41699f7b2417e4c59d46d39f40 exporter_context: 00 L: 32 exported_value: 2745cf3d5bb65c333658732954ee7af49eb895ce77f8022873a62a13c94cb4e1 exporter_context: 54657374436f6e74657874 L: 32 exported_value: ad40e3ae14f21c99bfdebc20ae14ab86f4ca2dc9a4799d200f43a25f99fa78ae]]></artwork>]]></sourcecode> </section> </section> <section anchor="auth-setup-information-1" numbered="true" toc="default"> <name>Auth Setup Information</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ mode: 2 kem_id: 32 kdf_id: 1 aead_id: 3 info: 4f6465206f6e2061204772656369616e2055726e ikmE: 938d3daa5a8904540bc24f48ae90eed3f4f7f11839560597b55e7c9598c996c0 pkEm: f7674cc8cd7baa5872d1f33dbaffe3314239f6197ddf5ded1746760bfc847e0e skEm: c94619e1af28971c8fa7957192b7e62a71ca2dcdde0a7cc4a8a9e741d600ab13 ikmR: 64835d5ee64aa7aad57c6f2e4f758f7696617f8829e70bc9ac7a5ef95d1c756c pkRm: 1a478716d63cb2e16786ee93004486dc151e988b34b475043d3e0175bdb01c44 skRm: 3ca22a6d1cda1bb9480949ec5329d3bf0b080ca4c45879c95eddb55c70b80b82 ikmS: 9d8f94537d5a3ddef71234c0baedfad4ca6861634d0b94c3007fed557ad17df6 pkSm: f0f4f9e96c54aeed3f323de8534fffd7e0577e4ce269896716bcb95643c8712b skSm: 2def0cb58ffcf83d1062dd085c8aceca7f4c0c3fd05912d847b61f3e54121f05 enc: f7674cc8cd7baa5872d1f33dbaffe3314239f6197ddf5ded1746760bfc847e0e shared_secret: d2d67828c8bc9fa661cf15a31b3ebf1febe0cafef7abfaaca580aaf6d471e3eb key_schedule_context:02431df6cd95e11ff49d7013563baf7f11588c75a6611ee2a4 404a49306ae4cfc5b69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1e798c0bb 19eb979602431df6cd95e11ff49d7013563baf7f11588c75a6611e e2a4404a49306ae4cfc5b69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1 e798c0bb19eb9796 secret: 
3022dfc0a81d6e09a2e6daeeb605bb1ebb9ac49535540d9a4c6560064a6c6da8 key: b071fd1136680600eb447a845a967d35e9db20749cdf9ce098bcc4deef4b1356 base_nonce: d20577dff16d7cea2c4bf780 exporter_secret: be2d93b82071318cdb88510037cf504344151f2f9b9da8ab48974d40a2251dd7]]></artwork>]]></sourcecode> <section anchor="encryptions-6" numbered="true" toc="default"> <name>Encryptions</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ sequence number: 0 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d30 nonce: d20577dff16d7cea2c4bf780 ct:ab1a13c9d4f01a87ec3440dbd756e2677bd2ecf9df0ce7ed73869b98e00c09be111c b9fdf077347aeb88e61bdfab1a13c9d4f01a87ec3440dbd756e2677bd2ecf9df0ce7ed73869b98e00c09be 111cb9fdf077347aeb88e61bdf sequence number: 1 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d31 nonce: d20577dff16d7cea2c4bf781 ct:3265c7807ffff7fdace21659a2c6ccffee52a26d270c76468ed74202a65478bfaedf ff9c2b7634e24f10b710163265c7807ffff7fdace21659a2c6ccffee52a26d270c76468ed74202a65478bf aedfff9c2b7634e24f10b71016 sequence number: 2 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d32 nonce: d20577dff16d7cea2c4bf782 ct:3aadee86ad2a05081ea860033a9d09dbccb4acac2ded0891da40f51d4df19925f7a7 67b076a5cbc9355c8fd35e3aadee86ad2a05081ea860033a9d09dbccb4acac2ded0891da40f51d4df19925 f7a767b076a5cbc9355c8fd35e sequence number: 4 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d34 nonce: d20577dff16d7cea2c4bf784 ct:502ecccd5c2be3506a081809cc58b43b94f77cbe37b8b31712d9e21c9e61aa6946a8 e922f54eae630f88eb8033502ecccd5c2be3506a081809cc58b43b94f77cbe37b8b31712d9e21c9e61aa69 46a8e922f54eae630f88eb8033 sequence number: 255 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323535 nonce: d20577dff16d7cea2c4bf77f ct:652e597ba20f3d9241cda61f33937298b1169e6adf72974bbe454297502eb4be132e 
1c5064702fc165c2ddbde8

sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536
nonce: d20577dff16d7cea2c4bf680
ct: 3be14e8b3bbd1028cf2b7d0a691dbbeff71321e7dec92d3c2cfb30a0994ab246
af76168480285a60037b4ba13a
]]></sourcecode>
</section>
<section anchor="exported-values-6" numbered="true" toc="default">
<name>Exported Values</name>
<sourcecode name="" type="test-vectors"><![CDATA[
exporter_context:
L: 32
exported_value:
070cffafd89b67b7f0eeb800235303a223e6ff9d1e774dce8eac585c8688c872

exporter_context: 00
L: 32
exported_value:
2852e728568d40ddb0edde284d36a4359c56558bb2fb8837cd3d92e46a3a14a8

exporter_context: 54657374436f6e74657874
L: 32
exported_value:
1df39dc5dd60edcbf5f9ae804e15ada66e885b28ed7929116f768369a3f950ee]]></sourcecode>
</section>
</section>
<section anchor="authpsk-setup-information-1" numbered="true" toc="default">
<name>AuthPSK Setup Information</name>
<sourcecode name="" type="test-vectors"><![CDATA[
mode: 3
kem_id: 32
kdf_id: 1
aead_id: 3
info: 4f6465206f6e2061204772656369616e2055726e
ikmE:
49d6eac8c6c558c953a0a252929a818745bb08cd3d29e15f9f5db5eb2e7d4b84
pkEm:
656a2e00dc9990fd189e6e473459392df556e9a2758754a09db3f51179a3fc02
skEm:
5e6dd73e82b856339572b7245d3cbb073a7561c0bee52873490e305cbb710410
ikmR:
f3304ddcf15848488271f12b75ecaf72301faabf6ad283654a14c398832eb184
pkRm:
a5099431c35c491ec62ca91df1525d6349cb8aa170c51f9581f8627be6334851
skRm:
7b36a42822e75bf3362dfabbe474b3016236408becb83b859a6909e22803cb0c
ikmS:
20ade1d5203de1aadfb261c4700b6432e260d0d317be6ebbb8d7fffb1f86ad9d
pkSm:
3ac5bd4dd66ff9f2740bef0d6ccb66daa77bff7849d7895182b07fb74d087c45
skSm:
90761c5b0a7ef0985ed66687ad708b921d9803d51637c8d1cb72d03ed0f64418
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc:
656a2e00dc9990fd189e6e473459392df556e9a2758754a09db3f51179a3fc02
shared_secret:
86a6c0ed17714f11d2951747e660857a5fd7616c933ef03207808b7a7123fe67
key_schedule_context: 036870c4c76ca38ae43efbec0f2377d109499d7ce73f4a
9e1ec37f21d3d063b97cb69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1
e798c0bb19eb9796
secret:
22670daee17530c9564001d0a7e740e80d0bcc7ae15349f472fcc9e057cbc259
key:
49c7e6d7d2d257aded2a746fe6a9bf12d4de8007c4862b1fdffe8c35fb65054c
base_nonce: abac79931e8c1bcb8a23960a
exporter_secret:
7c6cc1bb98993cd93e2599322247a58fd41fdecd3db895fb4c5fd8d6bbe606b5]]></sourcecode>
<section anchor="encryptions-7" numbered="true" toc="default">
<name>Encryptions</name>
<sourcecode name="" type="test-vectors"><![CDATA[
sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30
nonce: abac79931e8c1bcb8a23960a
ct: 9aa52e29274fc6172e38a4461361d2342585d3aeec67fb3b721ecd63f059577c
7fe886be0ede01456ebc67d597

sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31
nonce: abac79931e8c1bcb8a23960b
ct: 59460bacdbe7a920ef2806a74937d5a691d6d5062d7daafcad7db7e4d8c649ad
ffe575c1889c5c2e3a49af8e3e

sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32
nonce: abac79931e8c1bcb8a239608
ct: 5688ff6a03ba26ae936044a5c800f286fb5d1eccdd2a0f268f6ff9773b511693
18d1a1466bb36263415071db00

sequence
number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34
nonce: abac79931e8c1bcb8a23960e
ct: d936b7a01f5c7dc4c3dc04e322cc694684ee18dd71719196874e5235aed3cfb0
6cadcd3bc7da0877488d7c551d

sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535
nonce: abac79931e8c1bcb8a2396f5
ct: 4d4c462f7b9b637eaf1f4e15e325b7bc629c0af6e3073422c86064cc3c98cff8
7300f054fd56dd57dc34358beb

sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536
nonce: abac79931e8c1bcb8a23970a
ct: 9b7f84224922d2a9edd7b2c2057f3bcf3a547f17570575e626202e593bfdd99e
9878a1af9e41ded58c7fb77d2f
]]></sourcecode>
</section>
<section anchor="exported-values-7" numbered="true" toc="default">
<name>Exported Values</name>
<sourcecode name="" type="test-vectors"><![CDATA[
exporter_context:
L: 32
exported_value:
c23ebd4e7a0ad06a5dddf779f65004ce9481069ce0f0e6dd51a04539ddcbd5cd

exporter_context: 00
L: 32
exported_value:
ed7ff5ca40a3d84561067ebc8e01702bc36cf1eb99d42a92004642b9dfaadd37

exporter_context: 54657374436f6e74657874
L: 32
exported_value:
d3bae066aa8da27d527d85c040f7dd6ccb60221c902ee36a82f70bcd62a60ee4]]></sourcecode>
</section>
</section>
</section>
<section anchor="dhkemp-256-hkdf-sha256-hkdf-sha256-aes-128-gcm" numbered="true" toc="default">
<name>DHKEM(P-256, HKDF-SHA256), HKDF-SHA256, AES-128-GCM</name>
<section anchor="base-setup-information-2" numbered="true" toc="default">
<name>Base Setup Information</name>
<sourcecode name="" type="test-vectors"><![CDATA[
mode: 0
kem_id: 16
kdf_id: 1
aead_id:
1
info: 4f6465206f6e2061204772656369616e2055726e
ikmE:
4270e54ffd08d79d5928020af4686d8f6b7d35dbe470265f1f5aa22816ce860e
pkEm: 04a92719c6195d5085104f469a8b9814d5838ff72b60501e2c4466e5e67b32
5ac98536d7b61a1af4b78e5b7f951c0900be863c403ce65c9bfcb9382657222d18c4
skEm:
4995788ef4b9d6132b249ce59a77281493eb39af373d236a1fe415cb0c2d7beb
ikmR:
668b37171f1072f3cf12ea8a236a45df23fc13b82af3609ad1e354f6ef817550
pkRm: 04fe8c19ce0905191ebc298a9245792531f26f0cece2460639e8bc39cb7f70
6a826a779b4cf969b8a0e539c7f62fb3d30ad6aa8f80e30f1d128aafd68a2ce72ea0
skRm:
f3ce7fdae57e1a310d87f1ebbde6f328be0a99cdbcadf4d6589cf29de4b8ffd2
enc: 04a92719c6195d5085104f469a8b9814d5838ff72b60501e2c4466e5e67b325
ac98536d7b61a1af4b78e5b7f951c0900be863c403ce65c9bfcb9382657222d18c4
shared_secret:
c0d26aeab536609a572b07695d933b589dcf363ff9d93c93adea537aeabb8cb8
key_schedule_context: 00b88d4e6d91759e65e87c470e8b9141113e9ad5f0c8ce
efc1e088c82e6980500798e486f9c9c09c9b5c753ac72d6005de254c607d1b534ed1
1d493ae1c1d9ac85
secret:
2eb7b6bf138f6b5aff857414a058a3f1750054a9ba1f72c2cf0684a6f20b10e1
key: 868c066ef58aae6dc589b6cfdd18f97e
base_nonce: 4e0bc5018beba4bf004cca59
exporter_secret:
14ad94af484a7ad3ef40e9f3be99ecc6fa9036df9d4920548424df127ee0d99f]]></sourcecode>
<section anchor="encryptions-8" numbered="true" toc="default">
<name>Encryptions</name>
<sourcecode name="" type="test-vectors"><![CDATA[
sequence number: 0
pt:
4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30
nonce: 4e0bc5018beba4bf004cca59
ct: 5ad590bb8baa577f8619db35a36311226a896e7342a6d836d8b7bcd2f20b6c7f
9076ac232e3ab2523f39513434

sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31
nonce: 4e0bc5018beba4bf004cca58
ct: fa6f037b47fc21826b610172ca9637e82d6e5801eb31cbd3748271affd4ecb06
646e0329cbdf3c3cd655b28e82

sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32
nonce: 4e0bc5018beba4bf004cca5b
ct: 895cabfac50ce6c6eb02ffe6c048bf53b7f7be9a91fc559402cbc5b8dcaeb52b
2ccc93e466c28fb55fed7a7fec

sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34
nonce: 4e0bc5018beba4bf004cca5d
ct: 8787491ee8df99bc99a246c4b3216d3d57ab5076e18fa27133f520703bc70ec9
99dd36ce042e44f0c3169a6a8f

sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535
nonce: 4e0bc5018beba4bf004ccaa6
ct: 2ad71c85bf3f45c6eca301426289854b31448bcf8a8ccb1deef3ebd87f60848a
a53c538c30a4dac71d619ee2cd

sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536
nonce: 4e0bc5018beba4bf004ccb59
ct: 10f179686aa2caec1758c8e554513f16472bd0a11e2a907dde0b212cbe87d74f
367f8ffe5e41cd3e9962a6afb2
]]></sourcecode>
</section>
<section anchor="exported-values-8"
numbered="true" toc="default">
<name>Exported Values</name>
<sourcecode name="" type="test-vectors"><![CDATA[
exporter_context:
L: 32
exported_value:
5e9bc3d236e1911d95e65b576a8a86d478fb827e8bdfe77b741b289890490d4d

exporter_context: 00
L: 32
exported_value:
6cff87658931bda83dc857e6353efe4987a201b849658d9b047aab4cf216e796

exporter_context: 54657374436f6e74657874
L: 32
exported_value:
d8f1ea7942adbba7412c6d431c62d01371ea476b823eb697e1f6e6cae1dab85a]]></sourcecode>
</section>
</section>
<section anchor="psk-setup-information-2" numbered="true" toc="default">
<name>PSK Setup Information</name>
<sourcecode name="" type="test-vectors"><![CDATA[
mode: 1
kem_id: 16
kdf_id: 1
aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e
ikmE:
2afa611d8b1a7b321c761b483b6a053579afa4f767450d3ad0f84a39fda587a6
pkEm: 04305d35563527bce037773d79a13deabed0e8e7cde61eecee403496959e89
e4d0ca701726696d1485137ccb5341b3c1c7aaee90a4a02449725e744b1193b53b5f
skEm:
57427244f6cc016cddf1c19c8973b4060aa13579b4c067fd5d93a5d74e32a90f
ikmR:
d42ef874c1913d9568c9405407c805baddaffd0898a00f1e84e154fa787b2429
pkRm: 040d97419ae99f13007a93996648b2674e5260a8ebd2b822e84899cd52d874
46ea394ca76223b76639eccdf00e1967db10ade37db4e7db476261fcc8df97c5ffd1
skRm:
438d8bcef33b89e0e9ae5eb0957c353c25a94584b0dd59c991372a75b43cb661
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 04305d35563527bce037773d79a13deabed0e8e7cde61eecee403496959e89e
4d0ca701726696d1485137ccb5341b3c1c7aaee90a4a02449725e744b1193b53b5f
shared_secret:
2e783ad86a1beae03b5749e0f3f5e9bb19cb7eb382f2fb2dd64c99f15ae0661b
key_schedule_context: 01b873cdf2dff4c1434988053b7a775e980dd2039ea24f
950b26b056ccedcb933198e486f9c9c09c9b5c753ac72d6005de254c607d1b534ed1
1d493ae1c1d9ac85
secret:
f2f534e55931c62eeb2188c1f53450354a725183937e68c85e68d6b267504d26
key: 55d9eb9d26911d4c514a990fa8d57048
base_nonce: b595dc6b2d7e2ed23af529b1
exporter_secret:
895a723a1eab809804973a53c0ee18ece29b25a7555a4808277ad2651d66d705]]></sourcecode>
<section anchor="encryptions-9" numbered="true" toc="default">
<name>Encryptions</name>
<sourcecode name="" type="test-vectors"><![CDATA[
sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30
nonce: b595dc6b2d7e2ed23af529b1
ct: 90c4deb5b75318530194e4bb62f890b019b1397bbf9d0d6eb918890e1fb2be1a
c2603193b60a49c2126b75d0eb

sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31
nonce: b595dc6b2d7e2ed23af529b0
ct: 9e223384a3620f4a75b5a52f546b7262d8826dea18db5a365feb8b997180b22d
72dc1287f7089a1073a7102c27

sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32
nonce: b595dc6b2d7e2ed23af529b3
ct: adf9f6000773035023be7d415e13f84c1cb32a24339a32eb81df02be9ddc6abc
880dd81cceb7c1d0c7781465b2

sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34
nonce: b595dc6b2d7e2ed23af529b5
ct: 1f4cc9b7013d65511b1f69c050b7bd8bbd5a5c16ece82b238fec4f30ba2400e7
ca8ee482ac5253cffb5c3dc577

sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535
nonce: b595dc6b2d7e2ed23af5294e
ct: cdc541253111ed7a424eea5134dc14fc5e8293ab3b537668b8656789628e4589
4e5bb873c968e3b7cdcbb654a4

sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536
nonce: b595dc6b2d7e2ed23af528b1
ct: faf985208858b1253b97b60aecd28bc18737b58d1242370e7703ec33b73a4c31
a1afee300e349adef9015bbbfd
]]></sourcecode>
</section>
<section anchor="exported-values-9" numbered="true" toc="default">
<name>Exported Values</name>
<sourcecode name="" type="test-vectors"><![CDATA[
exporter_context:
L: 32
exported_value:
a115a59bf4dd8dc49332d6a0093af8efca1bcbfd3627d850173f5c4a55d0c185

exporter_context: 00
L: 32
exported_value:
4517eaede0669b16aac7c92d5762dd459c301fa10e02237cd5aeb9be969430c4

exporter_context: 54657374436f6e74657874
L: 32
exported_value:
164e02144d44b607a7722e58b0f4156e67c0c2874d74cf71da6ca48a4cbdc5e0]]></sourcecode>
</section>
</section>
<section anchor="auth-setup-information-2" numbered="true" toc="default">
<name>Auth Setup Information</name>
<sourcecode name="" type="test-vectors"><![CDATA[
mode: 2
kem_id: 16
kdf_id: 1
aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e
ikmE:
798d82a8d9ea19dbc7f2c6dfa54e8a6706f7cdc119db0813dacf8440ab37c857
pkEm: 042224f3ea800f7ec55c03f29fc9865f6ee27004f818fcbdc6dc68932c1e52e15b
79e264a98f2c535ef06745f3d308624414153b22c7332bc1e691cb4af4d53454
skEm:
6b8de0873aed0c1b2d09b8c7ed54cbf24fdf1dfc7a47fa501f918810642d7b91
ikmR:
7bc93bde8890d1fb55220e7f3b0c107ae7e6eda35ca4040bb6651284bf0747ee
pkRm: 04423e363e1cd54ce7b7573110ac121399acbc9ed815fae03b72ffbd4c18b0
1836835c5a09513f28fc971b7266cfde2e96afe84bb0f266920e82c4f53b36e1a78d
skRm:
d929ab4be2e59f6954d6bedd93e638f02d4046cef21115b00cdda2acb2a4440e
ikmS:
874baa0dcf93595a24a45a7f042e0d22d368747daaa7e19f80a802af19204ba8
pkSm: 04a817a0902bf28e036d66add5d544cc3a0457eab150f104285df1e293b5c1
0eef8651213e43d9cd9086c80b309df22cf37609f58c1127f7607e85f210b2804f73
skSm:
1120ac99fb1fccc1e8230502d245719d1b217fe20505c7648795139d177f0de9
enc: 042224f3ea800f7ec55c03f29fc9865f6ee27004f818fcbdc6dc68932c1e52e
15b79e264a98f2c535ef06745f3d308624414153b22c7332bc1e691cb4af4d53454
shared_secret:
d4aea336439aadf68f9348880aa358086f1480e7c167b6ef15453ba69b94b44f
key_schedule_context: 02b88d4e6d91759e65e87c470e8b9141113e9ad5f0c8ce
efc1e088c82e6980500798e486f9c9c09c9b5c753ac72d6005de254c607d1b534ed1
1d493ae1c1d9ac85
secret:
fd0a93c7c6f6b1b0dd6a822d7b16f6c61c83d98ad88426df4613c3581a2319f1
key: 19aa8472b3fdc530392b0e54ca17c0f5
base_nonce: b390052d26b67a5b8a8fcaa4
exporter_secret:
f152759972660eb0e1db880835abd5de1c39c8e9cd269f6f082ed80e28acb164]]></sourcecode>
<section
anchor="encryptions-10" numbered="true" toc="default">
<name>Encryptions</name>
<sourcecode name="" type="test-vectors"><![CDATA[
sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30
nonce: b390052d26b67a5b8a8fcaa4
ct: 82ffc8c44760db691a07c5627e5fc2c08e7a86979ee79b494a17cc3405446ac2
bdb8f265db4a099ed3289ffe19

sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31
nonce: b390052d26b67a5b8a8fcaa5
ct: b0a705a54532c7b4f5907de51c13dffe1e08d55ee9ba59686114b05945494d96
725b239468f1229e3966aa1250

sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32
nonce: b390052d26b67a5b8a8fcaa6
ct: 8dc805680e3271a801790833ed74473710157645584f06d1b53ad439078d880b
23e25256663178271c80ee8b7c

sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34
nonce: b390052d26b67a5b8a8fcaa0
ct: 04c8f7aae1584b61aa5816382cb0b834a5d744f420e6dffb5ddcec633a21b8b3
472820930c1ea9258b035937a2

sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535
nonce: b390052d26b67a5b8a8fca5b
ct: 4a319462eaedee37248b4d985f64f4f863d31913fe9e30b6e13136053b69fe5d
70853c84c60a84bb5495d5a678

sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536
nonce: b390052d26b67a5b8a8fcba4
ct: 28e874512f8940fafc7d06135e7589f6b4198bc0f3a1c64702e72c9e6abaf9f05cb0
d2f11b03a517898815c934
]]></sourcecode>
</section>
<section anchor="exported-values-10" numbered="true" toc="default">
<name>Exported Values</name>
<sourcecode name="" type="test-vectors"><![CDATA[
exporter_context:
L: 32
exported_value:
837e49c3ff629250c8d80d3c3fb957725ed481e59e2feb57afd9fe9a8c7c4497

exporter_context: 00
L: 32
exported_value:
594213f9018d614b82007a7021c3135bda7b380da4acd9ab27165c508640dbda

exporter_context: 54657374436f6e74657874
L: 32
exported_value:
14fe634f95ca0d86e15247cca7de7ba9b73c9b9deb6437e1c832daf7291b79d5]]></sourcecode>
</section>
</section>
<section anchor="authpsk-setup-information-2" numbered="true" toc="default">
<name>AuthPSK Setup Information</name>
<sourcecode name="" type="test-vectors"><![CDATA[
mode: 3
kem_id: 16
kdf_id: 1
aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e
ikmE:
3c1fceb477ec954c8d58ef3249e4bb4c38241b5925b95f7486e4d9f1d0d35fbb
pkEm: 046a1de3fc26a3d43f4e4ba97dbe24f7e99181136129c48fbe872d4743e2b1
31357ed4f29a7b317dc22509c7b00991ae990bf65f8b236700c82ab7c11a84511401
skEm:
36f771e411cf9cf72f0701ef2b991ce9743645b472e835fe234fb4d6eb2ff5a0
ikmR:
abcc2da5b3fa81d8aabd91f7f800a8ccf60ec37b1b585a5d1d1ac77f258b6cca
pkRm: 04d824d7e897897c172ac8a9e862e4bd820133b8d090a9b188b8233a64dfbc
5f725aa0aa52c8462ab7c9188f1c4872f0c99087a867e8a773a13df48a627058e1b3
skRm:
bdf4e2e587afdf0930644a0c45053889ebcadeca662d7c755a353d5b4e2a8394
ikmS:
6262031f040a9db853edd6f91d2272596eabbc78a2ed2bd643f770ecd0f19b82
pkSm: 049f158c750e55d8d5ad13ede66cf6e79801634b7acadcad72044eac2ae1d04800
69133d6488bf73863fa988c4ba8bde1c2e948b761274802b4d8012af4f13af9e
skSm:
b0ed8721db6185435898650f7a677affce925aba7975a582653c4cb13c72d240
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 046a1de3fc26a3d43f4e4ba97dbe24f7e99181136129c48fbe872d4743e2b13
1357ed4f29a7b317dc22509c7b00991ae990bf65f8b236700c82ab7c11a84511401
shared_secret:
d4c27698391db126f1612d9e91a767f10b9b19aa17e1695549203f0df7d9aebe
key_schedule_context: 03b873cdf2dff4c1434988053b7a775e980dd2039ea24f
950b26b056ccedcb933198e486f9c9c09c9b5c753ac72d6005de254c607d1b534ed1
1d493ae1c1d9ac85
secret:
3bf9d4c7955da2740414e73081fa74d6f6f2b4b9645d0685219813ce99a2f270
key: 4d567121d67fae1227d90e11585988fb
base_nonce: 67c9d05330ca21e5116ecda6
exporter_secret:
3f479020ae186788e4dfd4a42a21d24f3faabb224dd4f91c2b2e5e9524ca27b2]]></sourcecode>
<section anchor="encryptions-11" numbered="true" toc="default">
<name>Encryptions</name>
<sourcecode name="" type="test-vectors"><![CDATA[
sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30
nonce: 67c9d05330ca21e5116ecda6
ct: b9f36d58d9eb101629a3e5a7b63d2ee4af42b3644209ab37e0a272d44365407d
b8e655c72e4fa46f4ff81b9246

sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31
nonce: 67c9d05330ca21e5116ecda7
ct: 51788c4e5d56276771032749d015d3eea651af0c7bb8e3da669effffed299ea1f641
df621af65579c10fc09736

sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32
nonce: 67c9d05330ca21e5116ecda4
ct: 3b5a2be002e7b29927f06442947e1cf709b9f8508b03823127387223d7127034
71c266efc355f1bc2036f3027c

sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34
nonce: 67c9d05330ca21e5116ecda2
ct: 8ddbf1242fe5c7d61e1675496f3bfdb4d90205b3dfbc1b12aab41395d71a8211
8e095c484103107cf4face5123

sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535
nonce: 67c9d05330ca21e5116ecd59
ct: 6de25ceadeaec572fbaa25eda2558b73c383fe55106abaec24d518ef6724a7ce
698f83ecdc53e640fe214d2f42

sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536
nonce: 67c9d05330ca21e5116ecca6
ct: f380e19d291e12c5e378b51feb5cd50f6d00df6cb2af8393794c4df342126c2e
29633fe7e8ce49587531affd4d
]]></sourcecode>
</section>
<section anchor="exported-values-11" numbered="true" toc="default">
<name>Exported Values</name>
<sourcecode name="" type="test-vectors"><![CDATA[
exporter_context:
L: 32
exported_value:
595ce0eff405d4b3bb1d08308d70a4e77226ce11766e0a94c4fdb5d90025c978

exporter_context: 00
L: 32
exported_value:
110472ee0ae328f57ef7332a9886a1992d2c45b9b8d5abc9424ff68630f7d38d

exporter_context: 54657374436f6e74657874
L: 32
exported_value:
18ee4d001a9d83a4c67e76f88dd747766576cac438723bad0700a910a4d717e6]]></sourcecode>
</section>
</section>
</section>
<section anchor="dhkemp-256-hkdf-sha256-hkdf-sha512-aes-128-gcm" numbered="true" toc="default">
<name>DHKEM(P-256, HKDF-SHA256), HKDF-SHA512, AES-128-GCM</name>
<section anchor="base-setup-information-3" numbered="true" toc="default">
<name>Base Setup Information</name>
<sourcecode name="" type="test-vectors"><![CDATA[
mode: 0
kem_id: 16
kdf_id: 3
aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e
ikmE:
4ab11a9dd78c39668f7038f921ffc0993b368171d3ddde8031501ee1e08c4c9a
pkEm: 0493ed86735bdfb978cc055c98b45695ad7ce61ce748f4dd63c525a3b8d53a
15565c6897888070070c1579db1f86aaa56deb8297e64db7e8924e72866f9a472580
skEm:
2292bf14bb6e15b8c81a0f45b7a6e93e32d830e48cca702e0affcfb4d07e1b5c
ikmR:
ea9ff7cc5b2705b188841c7ace169290ff312a9cb31467784ca92d7a2e6e1be8
pkRm: 04085aa5b665dc3826f9650ccbcc471be268c8ada866422f739e2d531d4a88
18a9466bc6b449357096232919ec4fe9070ccbac4aac30f4a1a53efcf7af90610edd
skRm:
3ac8530ad1b01885960fab38cf3cdc4f7aef121eaa239f222623614b4079fb38
enc: 0493ed86735bdfb978cc055c98b45695ad7ce61ce748f4dd63c525a3b8d53a1
5565c6897888070070c1579db1f86aaa56deb8297e64db7e8924e72866f9a472580
shared_secret:
02f584736390fc93f5b4ad039826a3fa08e9911bd1215a3db8e8791ba533cafd
key_schedule_context: 005b8a3617af7789ee716e7911c7e77f84cdc4cc46e60fb7e1
9e4059f9aeadc00585e26874d1ddde76e551a7679cd47168c466f6e1f705cc9374c19277
8a34fcd5ca221d77e229a9d11b654de7942d685069c633b2362ce3b3d8ea4891c9a2a87a
4eb7cdb289ba5e2ecbf8cd2c8498bb4a383dc021454d70d46fcbbad1252ef4f9
secret: 0c7acdab61693f936c4c1256c78e7be30eebfe466812f9cc49f0b58dc970
328dfc03ea359be0250a471b1635a193d2dfa8cb23c90aa2e25025b892a725353eeb
key: 090ca96e5f8aa02b69fac360da50ddf9
base_nonce: 9c995e621bf9a20c5ca45546
exporter_secret: 4a7abb2ac43e6553f129b2c5750a7e82d149a76ed56dc342d7b
ca61e26d494f4855dff0d0165f27ce57756f7f16baca006539bb8e4518987ba61048
0ac03efa8
]]></sourcecode>
<section anchor="encryptions-12" numbered="true" toc="default">
<name>Encryptions</name>
<sourcecode name="" type="test-vectors"><![CDATA[
sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30
nonce: 9c995e621bf9a20c5ca45546
ct: d3cf4984931484a080f74c1bb2a6782700dc1fef9abe8442e44a6f09044c8890
7200b332003543754eb51917ba

sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31
nonce: 9c995e621bf9a20c5ca45547
ct: d14414555a47269dfead9fbf26abb303365e40709a4ed16eaefe1f2070f1ddeb
1bdd94d9e41186f124e0acc62d

sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32
nonce: 9c995e621bf9a20c5ca45544
ct: 9bba136cade5c4069707ba91a61932e2cbedda2d9c7bdc33515aa01dd0e0f7e9
d3579bf4016dec37da4aafa800

sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34
nonce: 9c995e621bf9a20c5ca45542
ct: a531c0655342be013bf32112951f8df1da643602f1866749519f5dcb09cc6843
2579de305a77e6864e862a7600

sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535
nonce: 9c995e621bf9a20c5ca455b9
ct: be5da649469efbad0fb950366a82a73fefeda5f652ec7d3731fac6c4ffa21a70
04d2ab8a04e13621bd3629547d

sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536
nonce: 9c995e621bf9a20c5ca45446
ct: 62092672f5328a0dde095e57435edf7457ace60b26ee44c9291110ec135cb0e1
4b85594e4fea11247d937deb62
]]></sourcecode>
</section>
<section anchor="exported-values-12" numbered="true" toc="default">
<name>Exported Values</name>
<sourcecode name="" type="test-vectors"><![CDATA[
exporter_context:
L: 32
exported_value:
a32186b8946f61aeead1c093fe614945f85833b165b28c46bf271abf16b57208

exporter_context: 00
L: 32
exported_value:
84998b304a0ea2f11809398755f0abd5f9d2c141d1822def79dd15c194803c2a

exporter_context: 54657374436f6e74657874
L: 32
exported_value:
93fb9411430b2cfa2cf0bed448c46922a5be9beff20e2e621df7e4655852edbc]]></sourcecode>
</section>
</section>
<section anchor="psk-setup-information-3" numbered="true" toc="default">
<name>PSK Setup Information</name>
<sourcecode name="" type="test-vectors"><![CDATA[
mode: 1
kem_id:
16
kdf_id: 3
aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e
ikmE:
c11d883d6587f911d2ddbc2a0859d5b42fb13bf2c8e89ef408a25564893856f5
pkEm: 04a307934180ad5287f95525fe5bc6244285d7273c15e061f0f2efb211c350
57f3079f6e0abae200992610b25f48b63aacfcb669106ddee8aa023feed301901371
skEm:
a5901ff7d6931959c2755382ea40a4869b1dec3694ed3b009dda2d77dd488f18
ikmR:
75bfc2a3a3541170a54c0b06444e358d0ee2b4fb78a401fd399a47a33723b700
pkRm: 043f5266fba0742db649e1043102b8a5afd114465156719cea90373229aabd
d84d7f45dabfc1f55664b888a7e86d594853a6cccdc9b189b57839cbbe3b90b55873
skRm:
bc6f0b5e22429e5ff47d5969003f3cae0f4fec50e23602e880038364f33b8522
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 04a307934180ad5287f95525fe5bc6244285d7273c15e061f0f2efb211c3505
7f3079f6e0abae200992610b25f48b63aacfcb669106ddee8aa023feed301901371
shared_secret:
2912aacc6eaebd71ff715ea50f6ef3a6637856b2a4c58ea61e0c3fc159e3bc16
key_schedule_context: 01713f73042575cebfd132f0cc4338523f8eae95c80a74
9f7cf3eb9436ff1c612ca62c37df27ca46d2cc162445a92c5f5fdc57bcde129ca7b1
f284b0c12297c037ca221d77e229a9d11b654de7942d685069c633b2362ce3b3d8ea
4891c9a2a87a4eb7cdb289ba5e2ecbf8cd2c8498bb4a383dc021454d70d46fcbbad1
252ef4f9
secret: ff2051d2128d5f3078de867143e076262ce1d0aecafc3fff3d607f1eaff05345
c7d5ffcb3202cdecb3d1a2f7da20592a237747b6e855390cbe2109d3e6ac70c2ff2051d2128d5f3078de867143e076262ce1d0aecafc3fff3d607f1eaff0 5345c7d5ffcb3202cdecb3d1a2f7da20592a237747b6e855390cbe2109d3e6ac70c2 key: 0b910ba8d9cfa17e5f50c211cb32839a base_nonce: 0c29e714eb52de5b7415a1b7 exporter_secret:50c0a182b6f94b4c0bd955c4aa20df01f282cc12c43065a0812fe4d 4352790171ed2b2c4756ad7f5a730ba336c8f1edd0089d8331192058c385bae39c7cc8b5 7 ]]></artwork>50c0a182b6f94b4c0bd955c4aa20df01f282cc12c43065a0812 fe4d4352790171ed2b2c4756ad7f5a730ba336c8f1edd0089d8331192058c385bae3 9c7cc8b57 ]]></sourcecode> <section anchor="encryptions-13" numbered="true" toc="default"> <name>Encryptions</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ sequence number: 0 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d30 nonce: 0c29e714eb52de5b7415a1b7 ct:57624b6e320d4aba0afd11f548780772932f502e2ba2a8068676b2a0d3b5129a45b9 faa88de39e8306da41d4cc57624b6e320d4aba0afd11f548780772932f502e2ba2a8068676b2a0d3b5129a 45b9faa88de39e8306da41d4cc sequence number: 1 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d31 nonce: 0c29e714eb52de5b7415a1b6 ct:159d6b4c24bacaf2f5049b7863536d8f3ffede76302dace42080820fa51925d4e1c7 2a64f87b14291a3057e00a159d6b4c24bacaf2f5049b7863536d8f3ffede76302dace42080820fa51925d4 e1c72a64f87b14291a3057e00a sequence number: 2 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d32 nonce: 0c29e714eb52de5b7415a1b5 ct:bd24140859c99bf0055075e9c460032581dd1726d52cf980d308e9b20083ca62e700 b17892bcf7fa82bac751d0bd24140859c99bf0055075e9c460032581dd1726d52cf980d308e9b20083ca62 e700b17892bcf7fa82bac751d0 sequence number: 4 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d34 nonce: 0c29e714eb52de5b7415a1b3 ct:93ddd55f82e9aaaa3cfc06840575f09d80160b20538125c2549932977d1238dde812 
6a4a91118faf8632f62cb893ddd55f82e9aaaa3cfc06840575f09d80160b20538125c2549932977d1238dd e8126a4a91118faf8632f62cb8 sequence number: 255 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323535 nonce: 0c29e714eb52de5b7415a148 ct:377a98a3c34bf716581b05a6b3fdc257f245856384d5f2241c8840571c52f5c85c21 138a4a81655edab8fe227d377a98a3c34bf716581b05a6b3fdc257f245856384d5f2241c8840571c52f5c8 5c21138a4a81655edab8fe227d sequence number: 256 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323536 nonce: 0c29e714eb52de5b7415a0b7 ct:cc161f5a179831d456d119d2f2c19a6817289c75d1c61cd37ac8a450acd9efba02e0 ac00d128c17855931ff69a ]]></artwork>cc161f5a179831d456d119d2f2c19a6817289c75d1c61cd37ac8a450acd9efba 02e0ac00d128c17855931ff69a ]]></sourcecode> </section> <section anchor="exported-values-13" numbered="true" toc="default"> <name>Exported Values</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ exporter_context: L: 32 exported_value: 8158bea21a6700d37022bb7802866edca30ebf2078273757b656ef7fc2e428cf exporter_context: 00 L: 32 exported_value: 6a348ba6e0e72bb3ef22479214a139ef8dac57be34509a61087a12565473da8d exporter_context: 54657374436f6e74657874 L: 32 exported_value: 2f6d4f7a18ec48de1ef4469f596aada4afdf6d79b037ed3c07e0118f8723bffc]]></artwork>]]></sourcecode> </section> </section> <section anchor="auth-setup-information-3" numbered="true" toc="default"> <name>Auth Setup Information</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ mode: 2 kem_id: 16 kdf_id: 3 aead_id: 1 info: 4f6465206f6e2061204772656369616e2055726e ikmE: 6bb031aa9197562da0b44e737db2b9e61f6c3ea1138c37de28fc37ac29bc7350 pkEm:04fec59fa9f76f5d0f6c1660bb179cb314ed97953c53a60ab38f8e6ace60fd5917 8084d0dd66e0f79172992d4ddb2e91172ce24949bcebfff158dcc417f2c6e9c604fec59fa9f76f5d0f6c1660bb179cb314ed97953c53a60ab38f8e6ace60fd 
59178084d0dd66e0f79172992d4ddb2e91172ce24949bcebfff158dcc417f2c6e9c6
skEm:
93cddd5288e7ef4884c8fe321d075df01501b993ff49ffab8184116f39b3c655
ikmR:
649a3f92edbb7a2516a0ade0b7dccc58a37240c4ba06f9726a952227b4adf6ff
pkRm: 04378bad519aab406e04d0e5608bcca809c02d6afd2272d4dd03e9357bd0ee
e8adf84c8deba3155c9cf9506d1d4c8bfefe3cf033a75716cc3cc07295100ec96276
skRm:
1ea4484be482bf25fdb2ed39e6a02ed9156b3e57dfb18dff82e4a048de990236
ikmS:
4d79b8691aab55a7265e8490a04bb3860ed64dece90953ad0dc43a6ea59b4bf2
pkSm: 0404d3c1f9fca22eb4a6d326125f0814c35593b1da8ea0d11a640730b215a2
59b9b98a34ad17e21617d19fe1d4fa39a4828bfdb306b729ec51c543caca3b2d9529
skSm:
02b266d66919f7b08f42ae0e7d97af4ca98b2dae3043bb7e0740ccadc1957579
enc: 04fec59fa9f76f5d0f6c1660bb179cb314ed97953c53a60ab38f8e6ace60fd5
9178084d0dd66e0f79172992d4ddb2e91172ce24949bcebfff158dcc417f2c6e9c6
shared_secret:
1ed49f6d7ada333d171cd63861a1cb700a1ec4236755a9cd5f9f8f67a2f8e7b3
key_schedule_context: 025b8a3617af7789ee716e7911c7e77f84cdc4cc46e60f
b7e19e4059f9aeadc00585e26874d1ddde76e551a7679cd47168c466f6e1f705cc93
74c192778a34fcd5ca221d77e229a9d11b654de7942d685069c633b2362ce3b3d8ea
4891c9a2a87a4eb7cdb289ba5e2ecbf8cd2c8498bb4a383dc021454d70d46fcbbad1
252ef4f9
secret: 9c846ba81ddbbd57bc26d99da6cf7ab956bb735ecd47fe21ed14241c7079
1b7484c1d06663d21a5d97bf1be70d56ab727f650c4f859c5ed3f71f8928b3c082dd
key: 9d4b1c83129f3de6db95faf3d539dcf1
base_nonce: ea4fd7a485ee5f1f4b62c1b7
exporter_secret: ca2410672369aae1afd6c2639f4fe34ca36d35410c090608d29
24f60def17f910d7928575434d7f991b1f19d3e8358b8278ff59ced0d5eed4774cec
72e12766e
]]></sourcecode>
<section anchor="encryptions-14" numbered="true" toc="default">
<name>Encryptions</name>
<sourcecode name="" type="test-vectors"><![CDATA[
sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30
nonce: ea4fd7a485ee5f1f4b62c1b7
ct: 2480179d880b5f458154b8bfe3c7e8732332de84aabf06fc440f6b31f169e154
157fa9eb44f2fa4d7b38a9236e

sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31
nonce: ea4fd7a485ee5f1f4b62c1b6
ct: 10cd81e3a816d29942b602a92884348171a31cbd0f042c3057c65cd93c540943
a5b05115bd520c09281061935b

sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32
nonce: ea4fd7a485ee5f1f4b62c1b5
ct: 920743a88d8cf6a09e1a3098e8be8edd09db136e9d543f215924043af8c7410f
68ce6aa64fd2b1a176e7f6b3fd

sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34
nonce: ea4fd7a485ee5f1f4b62c1b3
ct: 6b11380fcc708fc8589effb5b5e0394cbd441fa5e240b5500522150ca8265d65
ff55479405af936e2349119dcd

sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535
nonce: ea4fd7a485ee5f1f4b62c148
ct: d084eca50e7554bb97ba34c4482dfe32c9a2b7f3ab009c2d1b68ecbf97bee2d2
8cd94b6c829b96361f2701772d

sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536
nonce: ea4fd7a485ee5f1f4b62c0b7
ct: 247da592cc4ce834a94de2c79f5730ee49342470a021e4a4bc2bb77c53b17413
e94d94f57b4fdaedcf97cfe7b1
]]></sourcecode>
</section>
<section anchor="exported-values-14" numbered="true" toc="default">
<name>Exported Values</name>
<sourcecode name="" type="test-vectors"><![CDATA[
exporter_context:
L: 32
exported_value:
f03fbc82f321a0ab4840e487cb75d07aafd8e6f68485e4f7ff72b2f55ff24ad6

exporter_context: 00
L: 32
exported_value:
1ce0cadec0a8f060f4b5070c8f8888dcdfefc2e35819df0cd559928a11ff0891

exporter_context: 54657374436f6e74657874
L: 32
exported_value:
70c405c707102fd0041ea716090753be47d68d238b111d542846bd0d84ba907c
]]></sourcecode>
</section>
</section>
<section anchor="authpsk-setup-information-3" numbered="true" toc="default">
<name>AuthPSK Setup Information</name>
<sourcecode name="" type="test-vectors"><![CDATA[
mode: 3
kem_id: 16
kdf_id: 3
aead_id: 1
info: 4f6465206f6e2061204772656369616e2055726e
ikmE:
37ae06a521cd555648c928d7af58ad2aa4a85e34b8cabd069e94ad55ab872cc8
pkEm: 04801740f4b1b35823f7fb2930eac2efc8c4893f34ba111c0bb976e3c7d5dc
0aef5a7ef0bf4057949a140285f774f1efc53b3860936b92279a11b68395d898d138
skEm:
778f2254ae5d661d5c7fca8c4a7495a25bd13f26258e459159f3899df0de76c1
ikmR:
7466024b7e2d2366c3914d7833718f13afb9e3e45bcfbb510594d614ddd9b4e7
pkRm: 04a4ca7af2fc2cce48edbf2f1700983e927743a4e85bb5035ad562043e25d9
a111cbf6f7385fac55edc5c9d2ca6ed351a5643de95c36748e11dbec98730f4d43e9
skRm:
00510a70fde67af487c093234fc4215c1cdec09579c4b30cc8e48cb530414d0e
ikmS:
ee27aaf99bf5cd8398e9de88ac09a82ac22cdb8d0905ab05c0f5fa12ba1709f3
pkSm: 04b59a4157a9720eb749c95f842a5e3e8acdccbe834426d405509ac3191e23
f2165b5bb1f07a6240dd567703ae75e13182ee0f69fc102145cdb5abf681ff126d60
skSm:
d743b20821e6326f7a26684a4beed7088b35e392114480ca9f6c325079dcf10b
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 04801740f4b1b35823f7fb2930eac2efc8c4893f34ba111c0bb976e3c7d5dc0
aef5a7ef0bf4057949a140285f774f1efc53b3860936b92279a11b68395d898d138
shared_secret:
02bee8be0dda755846115db45071c0cf59c25722e015bde1c124de849c0fea52
key_schedule_context: 03713f73042575cebfd132f0cc4338523f8eae95c80a74
9f7cf3eb9436ff1c612ca62c37df27ca46d2cc162445a92c5f5fdc57bcde129ca7b1
f284b0c12297c037ca221d77e229a9d11b654de7942d685069c633b2362ce3b3d8ea
4891c9a2a87a4eb7cdb289ba5e2ecbf8cd2c8498bb4a383dc021454d70d46fcbbad1
252ef4f9
secret: 0f9df08908a6a3d06c8e934cd3f5313f9ebccd0986e316c0198bb48bed30
dc3db2f3baab94fd40c2c285c7288c77e2255401ee2d5884306addf4296b93c238b3
key: b68bb0e2fbf7431cedb46cc3b6f1fe9e
base_nonce: 76af62719d33d39a1cb6be9f
exporter_secret: 7f72308ae68c9a2b3862e686cb547b16d33d00fe482c770c471
7d8b54e9b1e547244c3602bdd86d5a788a8443befea0a7658002b23f1c96a62a6498
6fffc511a
]]></sourcecode>
<section anchor="encryptions-15" numbered="true" toc="default">
<name>Encryptions</name>
<sourcecode name="" type="test-vectors"><![CDATA[
sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30
nonce: 76af62719d33d39a1cb6be9f
ct: 840669634db51e28df54f189329c1b727fd303ae413f003020aff5e26276aaa9
10fc4296828cb9d862c2fd7d16

sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31
nonce: 76af62719d33d39a1cb6be9e
ct: d4680a48158d9a75fd09355878d6e33997a36ee01d4a8f22032b22373b795a94
1b7b9c5205ff99e0ff284beef4

sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32
nonce: 76af62719d33d39a1cb6be9d
ct: c45eb6597de2bac929a0f5d404ba9d2dc1ea031880930f1fd7a283f0a0cbebb3
5eac1a9ee0d1225f5e0f181571

sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34
nonce: 76af62719d33d39a1cb6be9b
ct: 4ee2482ad8d7d1e9b7e651c78b6ca26d3c5314d0711710ca62c2fd8bb8996d7d
8727c157538d5493da696b61f8

sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535
nonce: 76af62719d33d39a1cb6be60
ct: 65596b731df010c76a915c6271a438056ce65696459432eeafdae7b4cadb6290
dd61e68edd4e40b659d2a8cbcc

sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536
nonce: 76af62719d33d39a1cb6bf9f
ct: 9f659482ebc52f8303f9eac75656d807ec38ce2e50c72e3078cd13d86b30e3f8
90690a873277620f8a6a42d836
]]></sourcecode>
</section>
<section anchor="exported-values-15" numbered="true" toc="default">
<name>Exported Values</name>
<sourcecode name="" type="test-vectors"><![CDATA[
exporter_context:
L: 32
exported_value:
c8c917e137a616d3d4e4c9fcd9c50202f366cb0d37862376bc79f9b72e8a8db9

exporter_context: 00
L: 32
exported_value:
33a5d4df232777008a06d0684f23bb891cfaef702f653c8601b6ad4d08dddddf

exporter_context: 54657374436f6e74657874
L: 32
exported_value:
bed80f2e54f1285895c4a3f3b3625e6206f78f1ed329a0cfb5864f7c139b3c6a
]]></sourcecode>
</section>
</section>
</section>
<section anchor="dhkemp-256-hkdf-sha256-hkdf-sha256-chacha20poly1305" numbered="true" toc="default">
<name>DHKEM(P-256, HKDF-SHA256), HKDF-SHA256, ChaCha20Poly1305</name>
<section anchor="base-setup-information-4" numbered="true" toc="default">
<name>Base Setup Information</name>
<sourcecode name="" type="test-vectors"><![CDATA[
mode: 0
kem_id: 16
kdf_id: 1
aead_id: 3
info: 4f6465206f6e2061204772656369616e2055726e
ikmE:
f1f1a3bc95416871539ecb51c3a8f0cf608afb40fbbe305c0a72819d35c33f1f
pkEm: 04c07836a0206e04e31d8ae99bfd549380b072a1b1b82e563c935c09582782
4fc1559eac6fb9e3c70cd3193968994e7fe9781aa103f5b50e934b5b2f387e381291
skEm:
7550253e1147aae48839c1f8af80d2770fb7a4c763afe7d0afa7e0f42a5b3689
ikmR:
61092f3f56994dd424405899154a9918353e3e008171517ad576b900ddb275e7
pkRm: 04a697bffde9405c992883c5c439d6cc358170b51af72812333b015621dc0f
40bad9bb726f68a5c013806a790ec716ab8669f84f6b694596c2987cf35baba2a006
skRm:
a4d1c55836aa30f9b3fbb6ac98d338c877c2867dd3a77396d13f68d3ab150d3b
enc: 04c07836a0206e04e31d8ae99bfd549380b072a1b1b82e563c935c095827824
fc1559eac6fb9e3c70cd3193968994e7fe9781aa103f5b50e934b5b2f387e381291
shared_secret:
806520f82ef0b03c823b7fc524b6b55a088f566b9751b89551c170f4113bd850
key_schedule_context: 00b738cd703db7b4106e93b4621e9a19c89c838e559642
40e5d3f331aaf8b0d58b2e986ea1c671b61cf45eec134dac0bae58ec6f63e790b140
0b47c33038b0269c
secret:
fe891101629aa355aad68eff3cc5170d057eca0c7573f6575e91f9783e1d4506
key:
a8f45490a92a3b04d1dbf6cf2c3939ad8bfc9bfcb97c04bffe116730c9dfe3fc
base_nonce: 726b4390ed2209809f58c693
exporter_secret:
4f9bd9b3a8db7d7c3a5b9d44fdc1f6e37d5d77689ade5ec44a7242016e6aa205
]]></sourcecode>
<section anchor="encryptions-16" numbered="true" toc="default">
<name>Encryptions</name>
<sourcecode name="" type="test-vectors"><![CDATA[
sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30
nonce: 726b4390ed2209809f58c693
ct: 6469c41c5c81d3aa85432531ecf6460ec945bde1eb428cb2fedf7a29f5a685b4
ccb0d057f03ea2952a27bb458b

sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31
nonce: 726b4390ed2209809f58c692
ct: f1564199f7e0e110ec9c1bcdde332177fc35c1adf6e57f8d1df24022227ffa87
16862dbda2b1dc546c9d114374

sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32
nonce: 726b4390ed2209809f58c691
ct: 39de89728bcb774269f882af8dc5369e4f3d6322d986e872b3a8d074c7c18e85
49ff3f85b6d6592ff87c3f310c

sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34
nonce: 726b4390ed2209809f58c697
ct: bc104a14fbede0cc79eeb826ea0476ce87b9c928c36e5e34dc9b6905d91473ec
369a08b1a25d305dd45c6c5f80

sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535
nonce: 726b4390ed2209809f58c66c
ct: 8f2814a2c548b3be50259713c6724009e092d37789f6856553d61df23ebc0792
35f710e6af3c3ca6eaba7c7c6c

sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536
nonce: 726b4390ed2209809f58c793
ct: b45b69d419a9be7219d8c94365b89ad6951caf4576ea4774ea40e9b7047a09d6
537d1aa2f7c12d6ae4b729b4d0
]]></sourcecode>
</section>
<section anchor="exported-values-16" numbered="true" toc="default">
<name>Exported Values</name>
<sourcecode name="" type="test-vectors"><![CDATA[
exporter_context:
L: 32
exported_value:
9b13c510416ac977b553bf1741018809c246a695f45eff6d3b0356dbefe1e660

exporter_context: 00
L: 32
exported_value:
6c8b7be3a20a5684edecb4253619d9051ce8583baf850e0cb53c402bdcaf8ebb

exporter_context: 54657374436f6e74657874
L: 32
exported_value:
477a50d804c7c51941f69b8e32fe8288386ee1a84905fe4938d58972f24ac938
]]></sourcecode>
</section>
</section>
<section anchor="psk-setup-information-4" numbered="true" toc="default">
<name>PSK Setup Information</name>
<sourcecode name="" type="test-vectors"><![CDATA[
mode: 1
kem_id: 16
kdf_id: 1
aead_id: 3
info: 4f6465206f6e2061204772656369616e2055726e
ikmE:
e1a4e1d50c4bfcf890f2b4c7d6b2d2aca61368eddc3c84162df2856843e1057a
pkEm: 04f336578b72ad7932fe867cc4d2d44a718a318037a0ec271163699cee653f
a805c1fec955e562663e0c2061bb96a87d78892bff0cc0bad7906c2d998ebe1a7246
skEm:
7d6e4e006cee68af9b3fdd583a0ee8962df9d59fab029997ee3f456cbc857904
ikmR:
ee51dec304abf993ef8fd52aacdd3b539108bbf6e491943266c1de89ec596a17
pkRm: 041eb8f4f20ab72661af369ff3231a733672fa26f385ffb959fd1bae46bfda
43ad55e2d573b880831381d9367417f554ce5b2134fbba5235b44db465feffc6189e
skRm:
12ecde2c8bc2d5d7ed2219c71f27e3943d92b344174436af833337c557c300b3
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 04f336578b72ad7932fe867cc4d2d44a718a318037a0ec271163699cee653fa
805c1fec955e562663e0c2061bb96a87d78892bff0cc0bad7906c2d998ebe1a7246
shared_secret:
ac4f260dce4db6bf45435d9c92c0e11cfdd93743bd3075949975974cc2b3d79e
key_schedule_context: 01622b72afcc3795841596c67ea74400ca3b029374d7d5
640bda367c5d67b3fbeb2e986ea1c671b61cf45eec134dac0bae58ec6f63e790b140
0b47c33038b0269c
secret:
858c8087a1c056db5811e85802f375bb0c19b9983204a1575de4803575d23239
key:
6d61cb330b7771168c8619498e753f16198aad9566d1f1c6c70e2bc1a1a8b142
base_nonce: 0de7655fb65e1cd51a38864e
exporter_secret:
754ca00235b245e72d1f722a7718e7145bd113050a2aa3d89586d4cb7514bfdb
]]></sourcecode>
<section anchor="encryptions-17" numbered="true" toc="default">
<name>Encryptions</name>
<sourcecode name="" type="test-vectors"><![CDATA[
sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30
nonce: 0de7655fb65e1cd51a38864e
ct: 21433eaff24d7706f3ed5b9b2e709b07230e2b11df1f2b1fe07b3c70d5948a53
d6fa5c8bed194020bd9df0877b

sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31
nonce: 0de7655fb65e1cd51a38864f
ct: c74a764b4892072ea8c2c56b9bcd46c7f1e9ca8cb0a263f8b40c2ba59ac9c857
033f176019562218769d3e0452

sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32
nonce: 0de7655fb65e1cd51a38864c
ct: dc8cd68863474d6e9cbb6a659335a86a54e036249d41acf909e738c847ff2bd3
6fe3fcacda4ededa7032c0a220

sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34
nonce: 0de7655fb65e1cd51a38864a
ct: cd54a8576353b1b9df366cb0cc042e46eef6f4cf01e205fe7d47e306b2fdd90f
7185f289a26c613ca094e3be10

sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535
nonce: 0de7655fb65e1cd51a3886b1
ct: 6324570c9d542c70c7e70570c1d8f4c52a89484746bf0625441890ededcc80c2
4ef2301c38bfd34d689d19f67d

sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536
nonce: 0de7655fb65e1cd51a38874e
ct: 1ea6326c8098ed0437a553c466550114fb2ca1412cca7de98709b9ccdf19206e
52c3d39180e2cf62b3e9f4baf4
]]></sourcecode>
</section>
<section anchor="exported-values-17" numbered="true" toc="default">
<name>Exported Values</name>
<sourcecode name="" type="test-vectors"><![CDATA[
exporter_context:
L: 32
exported_value:
530bbc2f68f078dccc89cc371b4f4ade372c9472bafe4601a8432cbb934f528d

exporter_context: 00
L: 32
exported_value:
6e25075ddcc528c90ef9218f800ca3dfe1b8ff4042de5033133adb8bd54c401d

exporter_context: 54657374436f6e74657874
L: 32
exported_value:
6f6fbd0d1c7733f796461b3235a856cc34f676fe61ed509dfc18fa16efe6be78
]]></sourcecode>
</section>
</section>
<section anchor="auth-setup-information-4" numbered="true" toc="default">
<name>Auth Setup Information</name>
<sourcecode name="" type="test-vectors"><![CDATA[
mode: 2
kem_id: 16
kdf_id: 1
aead_id: 3
info: 4f6465206f6e2061204772656369616e2055726e
ikmE:
0ecd212019008138a31f9104d5dba76b9f8e34d5b996041fff9e3df221dd0d5d
pkEm: 040d5176aedba55bc41709261e9195c5146bb62d783031280775f32e507d79
b5cbc5748b6be6359760c73cfe10ca19521af704ca6d91ff32fc0739527b9385d415
skEm:
085fd5d5e6ce6497c79df960cac93710006b76217d8bcfafbd2bb2c20ea03c42
ikmR:
d32236d8378b9563840653789eb7bc33c3c720e537391727bf1c812d0eac110f
pkRm: 0444f6ee41818d9fe0f8265bffd016b7e2dd3964d610d0f7514244a60dbb7a
11ece876bb110a97a2ac6a9542d7344bf7d2bd59345e3e75e497f7416cf38d296233
skRm:
3cb2c125b8c5a81d165a333048f5dcae29a2ab2072625adad66dbb0f48689af9
ikmS:
0e6be0851283f9327295fd49858a8c8908ea9783212945eef6c598ee0a3cedbb
pkSm: 04265529a04d4f46ab6fa3af4943774a9f1127821656a75a35fade898a9a1b
014f64d874e88cddb24c1c3d79004d3a587db67670ca357ff4fba7e8b56ec013b98b
skSm:
39b19402e742d48d319d24d68e494daa4492817342e593285944830320912519
enc: 040d5176aedba55bc41709261e9195c5146bb62d783031280775f32e507d79b
5cbc5748b6be6359760c73cfe10ca19521af704ca6d91ff32fc0739527b9385d415
shared_secret:
1a45aa4792f4b166bfee7eeab0096c1a6e497480e2261b2a59aad12f2768d469
key_schedule_context: 02b738cd703db7b4106e93b4621e9a19c89c838e559642
40e5d3f331aaf8b0d58b2e986ea1c671b61cf45eec134dac0bae58ec6f63e790b140
0b47c33038b0269c
secret:
9193210815b87a4c5496c9d73e609a6c92665b5ea0d760866294906d089ebb57
key:
cf292f8a4313280a462ce55cde05b5aa5744fe4ca89a5d81b0146a5eaca8092d
base_nonce: 7e45c21e20e869ae00492123
exporter_secret:
dba6e307f71769ba11e2c687cc19592f9d436da0c81e772d7a8a9fd28e54355f
]]></sourcecode>
<section anchor="encryptions-18" numbered="true" toc="default">
<name>Encryptions</name>
<sourcecode name="" type="test-vectors"><![CDATA[
sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30
nonce: 7e45c21e20e869ae00492123
ct: 25881f219935eec5ba70d7b421f13c35005734f3e4d959680270f55d71e2f5cb
3bd2daced2770bf3d9d4916872

sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31
nonce: 7e45c21e20e869ae00492122
ct: 653f0036e52a376f5d2dd85b3204b55455b7835c231255ae098d09ed138719b9
7185129786338ab6543f753193

sequence number: 2
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d32
nonce: 7e45c21e20e869ae00492121
ct: 60878706117f22180c788e62df6a595bc41906096a11a9513e84f0141e43239e
81a98d7a235abc64112fcb8ddd

sequence number: 4
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d34
nonce: 7e45c21e20e869ae00492127
ct: 0f9094dd08240b5fa7a388b824d19d5b4b1e126cebfd67a062c32f9ba9f1f386
6cc38de7df2702626e2ab65c0f

sequence number: 255
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323535
nonce: 7e45c21e20e869ae004921dc
ct: dd29319e08135c5f8401d6537a364e92172c0e3f095f3fd18923881d11c0a683
9345dd0b54acd0edd8f8344792

sequence number: 256
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d323536
nonce: 7e45c21e20e869ae00492023
ct: e2276ec5047bc4b6ed57d6da7da2fb47a77502f0a30f17d040247c73da336d72
2bc6c89adf68396a0912c6d152
]]></sourcecode>
</section>
<section anchor="exported-values-18" numbered="true" toc="default">
<name>Exported Values</name>
<sourcecode name="" type="test-vectors"><![CDATA[
exporter_context:
L: 32
exported_value:
56c4d6c1d3a46c70fd8f4ecda5d27c70886e348efb51bd5edeaa39ff6ce34389

exporter_context: 00
L: 32
exported_value:
d2d3e48ed76832b6b3f28fa84be5f11f09533c0e3c71825a34fb0f1320891b51

exporter_context: 54657374436f6e74657874
L: 32
exported_value:
eb0d312b6263995b4c7761e64b688c215ffd6043ff3bad2368c862784cbe6eff
]]></sourcecode>
</section>
</section>
<section anchor="authpsk-setup-information-4" numbered="true" toc="default">
<name>AuthPSK Setup Information</name>
<sourcecode name="" type="test-vectors"><![CDATA[
mode: 3
kem_id: 16
kdf_id: 1
aead_id: 3
info: 4f6465206f6e2061204772656369616e2055726e
ikmE:
f3a07f194703e321ef1f753a1b9fe27a498dfdfa309151d70bedd896c239c499
pkEm: 043539917ee26f8ae0aa5f784a387981b13de33124a3cde88b946720301831
10f331400115855808244ff0c5b6ca6104483ac95724481d41bdcd9f15b430ad16f6
skEm:
11b7e4de2d919240616a31ab14944cced79bc2372108bb98f6792e3b645fe546
ikmR:
1240e55a0a03548d7f963ef783b6a7362cb505e6b31dfd04c81d9b294543bfbd
pkRm: 04d383fd920c42d018b9d57fd73a01f1eee480008923f67d35169478e55d2e
8817068daf62a06b10e0aad4a9e429fa7f904481be96b79a9c231a33e956c20b81b6
skRm:
c29fc577b7e74d525c0043f1c27540a1248e4f2c8d297298e99010a92e94865c
ikmS:
ce2a0387a2eb8870a3a92c34a2975f0f3f271af4384d446c7dc1524a6c6c515a
pkSm: 0492cf8c9b144b742fe5a63d9a181a19d416f3ec8705f24308ad316564823c
344e018bd7c03a33c926bb271b28ef5bf28c0ca00abff249fee5ef7f33315ff34fdb
skSm:
53541bd995f874a67f8bfd8038afa67fd68876801f42ff47d0dc2a4deea067ae
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc: 043539917ee26f8ae0aa5f784a387981b13de33124a3cde88b9467203018311
0f331400115855808244ff0c5b6ca6104483ac95724481d41bdcd9f15b430ad16f6
shared_secret:
87584311791036a3019bc36803cdd42e9a8931a98b13c88835f2f8a9036a4fd6
key_schedule_context: 03622b72afcc3795841596c67ea74400ca3b029374d7d5
640bda367c5d67b3fbeb2e986ea1c671b61cf45eec134dac0bae58ec6f63e790b140
0b47c33038b0269c
secret:
fe52b4412590e825ea2603fa88e145b2ee014b942a774b55fab4f081301f16f4
key:
31e140c8856941315d4067239fdc4ebe077fbf45a6fc78a61e7a6c8b3bacb10a
base_nonce: 75838a8010d2e4760254dd56
exporter_secret:
600895965755db9c5027f25f039a6e3e506c35b3b7084ce33c4a48d59ee1f0e3
]]></sourcecode>
<section anchor="encryptions-19" numbered="true" toc="default">
<name>Encryptions</name>
<sourcecode name="" type="test-vectors"><![CDATA[
sequence number: 0
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d30
nonce: 75838a8010d2e4760254dd56
ct: 9eadfa0f954835e7e920ffe56dec6b31a046271cf71fdda55db72926e1d8fae9
4cc6280fcfabd8db71eaa65c05

sequence number: 1
pt: 4265617574792069732074727574682c20747275746820626561757479
aad: 436f756e742d31
nonce: 75838a8010d2e4760254dd57
ct:e357ad10d75240224d4095c9f6150a2ed2179c0f878e4f2db8ca95d365d174d059ff 8c3eb38ea9a65cfc8eaeb8e357ad10d75240224d4095c9f6150a2ed2179c0f878e4f2db8ca95d365d174d0 59ff8c3eb38ea9a65cfc8eaeb8 sequence number: 2 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d32 nonce: 75838a8010d2e4760254dd54 ct:2fa56d00f8dd479d67a2ec3308325cf3bbccaf102a64ffccdb006bd7dcb932685b9a 7b49cdc094a85fec1da5ef2fa56d00f8dd479d67a2ec3308325cf3bbccaf102a64ffccdb006bd7dcb93268 5b9a7b49cdc094a85fec1da5ef sequence number: 4 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d34 nonce: 75838a8010d2e4760254dd52 ct:1fe9d6db14965003ed81a39abf240f9cd7c5a454bca0d69ef9a2de16d537364fbbf1 10b9ef11fa4a7a0172f0ce1fe9d6db14965003ed81a39abf240f9cd7c5a454bca0d69ef9a2de16d537364f bbf110b9ef11fa4a7a0172f0ce sequence number: 255 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323535 nonce: 75838a8010d2e4760254dda9 ct:eaf4041a5c9122b22d1f8d698eeffe45d64b4ae33d0ddca3a4cdf4a5f595acc95a1a 9334d06cc4d000df6aaad6eaf4041a5c9122b22d1f8d698eeffe45d64b4ae33d0ddca3a4cdf4a5f595acc9 5a1a9334d06cc4d000df6aaad6 sequence number: 256 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323536 nonce: 75838a8010d2e4760254dc56 ct:fb857f4185ce5286c1a52431867537204963ea66a3eee8d2a74419fd8751faee066d 08277ac7880473aa4143ba ]]></artwork>fb857f4185ce5286c1a52431867537204963ea66a3eee8d2a74419fd8751faee 066d08277ac7880473aa4143ba ]]></sourcecode> </section> <section anchor="exported-values-19" numbered="true" toc="default"> <name>Exported Values</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ exporter_context: L: 32 exported_value: c52b4592cd33dd38b2a3613108ddda28dcf7f03d30f2a09703f758bfa8029c9a exporter_context: 00 L: 32 exported_value: 2f03bebc577e5729e148554991787222b5c2a02b77e9b1ac380541f710e5a318 exporter_context: 54657374436f6e74657874 L: 32 exported_value: 
e01dd49e8bfc3d9216abc1be832f0418adf8b47a7b5a330a7436c31e33d765d7]]></artwork>]]></sourcecode> </section> </section> </section> <section anchor="dhkemp-521-hkdf-sha512-hkdf-sha512-aes-256-gcm" numbered="true" toc="default"> <name>DHKEM(P-521, HKDF-SHA512), HKDF-SHA512, AES-256-GCM</name> <section anchor="base-setup-information-5" numbered="true" toc="default"> <name>Base Setup Information</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ mode: 0 kem_id: 18 kdf_id: 3 aead_id: 2 info: 4f6465206f6e2061204772656369616e2055726e ikmE:7f06ab8215105fc46aceeb2e3dc5028b44364f960426eb0d8e4026c2f8b5d7e7a9 86688f1591abf5ab753c357a5d6f0440414b4ed4ede71317772ac98d9239f709047f06ab8215105fc46aceeb2e3dc5028b44364f960426eb0d8e4026c2f8b5d7 e7a986688f1591abf5ab753c357a5d6f0440414b4ed4ede71317772ac98d9239f709 04 pkEm:040138b385ca16bb0d5fa0c0665fbbd7e69e3ee29f63991d3e9b5fa740aab8900a aeed46ed73a49055758425a0ce36507c54b29cc5b85a5cee6bae0cf1c21f2731ece2013d c3fb7c8d21654bb161b463962ca19e8c654ff24c94dd2898de12051f1ed0692237fb02b2 f8d1dc1c73e9b366b529eb436e98a996ee522aef863dd5739d2f29b0040138b385ca16bb0d5fa0c0665fbbd7e69e3ee29f63991d3e9b5fa740aab8 900aaeed46ed73a49055758425a0ce36507c54b29cc5b85a5cee6bae0cf1c21f2731 ece2013dc3fb7c8d21654bb161b463962ca19e8c654ff24c94dd2898de12051f1ed0 692237fb02b2f8d1dc1c73e9b366b529eb436e98a996ee522aef863dd5739d2f29b0 skEm:014784c692da35df6ecde98ee43ac425dbdd0969c0c72b42f2e708ab9d535415a8 569bdacfcc0a114c85b8e3f26acf4d68115f8c91a66178cdbd03b7bcc5291e374b014784c692da35df6ecde98ee43ac425dbdd0969c0c72b42f2e708ab9d5354 15a8569bdacfcc0a114c85b8e3f26acf4d68115f8c91a66178cdbd03b7bcc5291e37 4b ikmR:2ad954bbe39b7122529f7dde780bff626cd97f850d0784a432784e69d86eccaade 43b6c10a8ffdb94bf943c6da479db137914ec835a7e715e36e45e29b587bab3bf12ad954bbe39b7122529f7dde780bff626cd97f850d0784a432784e69d86ecc aade43b6c10a8ffdb94bf943c6da479db137914ec835a7e715e36e45e29b587bab3b f1 
pkRm:0401b45498c1714e2dce167d3caf162e45e0642afc7ed435df7902ccae0e84ba0f 7d373f646b7738bbbdca11ed91bdeae3cdcba3301f2457be452f271fa6837580e661012a f49583a62e48d44bed350c7118c0d8dc861c238c72a2bda17f64704f464b57338e7f40b6 0959480c0e58e6559b190d81663ed816e523b6b6a418f66d2451ec640401b45498c1714e2dce167d3caf162e45e0642afc7ed435df7902ccae0e84 ba0f7d373f646b7738bbbdca11ed91bdeae3cdcba3301f2457be452f271fa6837580 e661012af49583a62e48d44bed350c7118c0d8dc861c238c72a2bda17f64704f464b 57338e7f40b60959480c0e58e6559b190d81663ed816e523b6b6a418f66d2451ec64 skRm:01462680369ae375e4b3791070a7458ed527842f6a98a79ff5e0d4cbde83c27196 a3916956655523a6a2556a7af62c5cadabe2ef9da3760bb21e005202f7b246284701462680369ae375e4b3791070a7458ed527842f6a98a79ff5e0d4cbde83c2 7196a3916956655523a6a2556a7af62c5cadabe2ef9da3760bb21e005202f7b24628 47 enc:040138b385ca16bb0d5fa0c0665fbbd7e69e3ee29f63991d3e9b5fa740aab8900aa eed46ed73a49055758425a0ce36507c54b29cc5b85a5cee6bae0cf1c21f2731ece2013dc 3fb7c8d21654bb161b463962ca19e8c654ff24c94dd2898de12051f1ed0692237fb02b2f 8d1dc1c73e9b366b529eb436e98a996ee522aef863dd5739d2f29b0040138b385ca16bb0d5fa0c0665fbbd7e69e3ee29f63991d3e9b5fa740aab89 00aaeed46ed73a49055758425a0ce36507c54b29cc5b85a5cee6bae0cf1c21f2731e ce2013dc3fb7c8d21654bb161b463962ca19e8c654ff24c94dd2898de12051f1ed06 92237fb02b2f8d1dc1c73e9b366b529eb436e98a996ee522aef863dd5739d2f29b0 shared_secret:776ab421302f6eff7d7cb5cb1adaea0cd50872c71c2d63c30c4f1d5e4 3653336fef33b103c67e7a98add2d3b66e2fda95b5b2a667aa9dac7e59cc1d46d30e818776ab421302f6eff7d7cb5cb1adaea0cd50872c71c2d63c30c4f1 d5e43653336fef33b103c67e7a98add2d3b66e2fda95b5b2a667aa9dac7e59cc1d46 d30e818 key_schedule_context:0083a27c5b2358ab4dae1b2f5d8f57f10ccccc822a473326f5 43f239a70aee46347324e84e02d7651a10d08fb3dda739d22d50c53fbfa8122baacd0f9a e5913072ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d6775308c3d3faa75d d64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692e85b09a40083a27c5b2358ab4dae1b2f5d8f57f10ccccc822a4733 
26f543f239a70aee46347324e84e02d7651a10d08fb3dda739d22d50c53fbfa8122b aacd0f9ae5913072ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d67753 08c3d3faa75dd64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692 e85b09a4 secret:49fd9f53b0f93732555b2054edfdc0e3101000d75df714b98ce5aa295a37f1b1 8dfa86a1c37286d805d3ea09a20b72f93c21e83955a1f01eb7c5eead563d21e749fd9f53b0f93732555b2054edfdc0e3101000d75df714b98ce5aa295a37 f1b18dfa86a1c37286d805d3ea09a20b72f93c21e83955a1f01eb7c5eead563d21e7 key: 751e346ce8f0ddb2305c8a2a85c70d5cf559c53093656be636b9406d4d7d1b70 base_nonce: 55ff7a7d739c69f44b25447b exporter_secret:e4ff9dfbc732a2b9c75823763c5ccc954a2c0648fc6de80a5858125 2d0ee3215388a4455e69086b50b87eb28c169a52f42e71de4ca61c920e7bd24c95cc3f99 2 ]]></artwork>e4ff9dfbc732a2b9c75823763c5ccc954a2c0648fc6de80a585 81252d0ee3215388a4455e69086b50b87eb28c169a52f42e71de4ca61c920e7bd24c 95cc3f992 ]]></sourcecode> <section anchor="encryptions-20" numbered="true" toc="default"> <name>Encryptions</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ sequence number: 0 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d30 nonce: 55ff7a7d739c69f44b25447b ct:170f8beddfe949b75ef9c387e201baf4132fa7374593dfafa90768788b7b2b200aaf cc6d80ea4c795a7c5b841a170f8beddfe949b75ef9c387e201baf4132fa7374593dfafa90768788b7b2b20 0aafcc6d80ea4c795a7c5b841a sequence number: 1 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d31 nonce: 55ff7a7d739c69f44b25447a ct:d9ee248e220ca24ac00bbbe7e221a832e4f7fa64c4fbab3945b6f3af0c5ecd5e1681 5b328be4954a05fd352256d9ee248e220ca24ac00bbbe7e221a832e4f7fa64c4fbab3945b6f3af0c5ecd5e 16815b328be4954a05fd352256 sequence number: 2 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d32 nonce: 55ff7a7d739c69f44b254479 ct:142cf1e02d1f58d9285f2af7dcfa44f7c3f2d15c73d460c48c6e0e506a3144bae352 
84e7e221105b61d24e1c7a142cf1e02d1f58d9285f2af7dcfa44f7c3f2d15c73d460c48c6e0e506a3144ba e35284e7e221105b61d24e1c7a sequence number: 4 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d34 nonce: 55ff7a7d739c69f44b25447f ct:3bb3a5a07100e5a12805327bf3b152df728b1c1be75a9fd2cb2bf5eac0cca1fb80ad db37eb2a32938c7268e3e53bb3a5a07100e5a12805327bf3b152df728b1c1be75a9fd2cb2bf5eac0cca1fb 80addb37eb2a32938c7268e3e5 sequence number: 255 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323535 nonce: 55ff7a7d739c69f44b254484 ct:4f268d0930f8d50b8fd9d0f26657ba25b5cb08b308c92e33382f369c768b558e113a c95a4c70dd60909ad1adc74f268d0930f8d50b8fd9d0f26657ba25b5cb08b308c92e33382f369c768b558e 113ac95a4c70dd60909ad1adc7 sequence number: 256 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323536 nonce: 55ff7a7d739c69f44b25457b ct:dbbfc44ae037864e75f136e8b4b4123351d480e6619ae0e0ae437f036f2f8f1ef677 686323977a1ccbb4b4f16a ]]></artwork>dbbfc44ae037864e75f136e8b4b4123351d480e6619ae0e0ae437f036f2f8f1e f677686323977a1ccbb4b4f16a ]]></sourcecode> </section> <section anchor="exported-values-20" numbered="true" toc="default"> <name>Exported Values</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ exporter_context: L: 32 exported_value: 05e2e5bd9f0c30832b80a279ff211cc65eceb0d97001524085d609ead60d0412 exporter_context: 00 L: 32 exported_value: fca69744bb537f5b7a1596dbf34eaa8d84bf2e3ee7f1a155d41bd3624aa92b63 exporter_context: 54657374436f6e74657874 L: 32 exported_value: f389beaac6fcf6c0d9376e20f97e364f0609a88f1bc76d7328e9104df8477013]]></artwork>]]></sourcecode> </section> </section> <section anchor="psk-setup-information-5" numbered="true" toc="default"> <name>PSK Setup Information</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ mode: 1 kem_id: 18 kdf_id: 3 aead_id: 2 info: 4f6465206f6e2061204772656369616e2055726e 
ikmE:f3ebfa9a69a924e672114fcd9e06fa9559e937f7eccce4181a2b506df53dbe514b e12f094bb28e01de19dd345b4f7ede5ad7eaa6b9c3019592ec68eaae9a14732ce0f3ebfa9a69a924e672114fcd9e06fa9559e937f7eccce4181a2b506df53dbe 514be12f094bb28e01de19dd345b4f7ede5ad7eaa6b9c3019592ec68eaae9a14732c e0 pkEm:040085eff0835cc84351f32471d32aa453cdc1f6418eaaecf1c2824210eb1d48d0 768b368110fab21407c324b8bb4bec63f042cfa4d0868d19b760eb4beba1bff793b30036 d2c614d55730bd2a40c718f9466faf4d5f8170d22b6df98dfe0c067d02b349ae4a142e0c 03418f0a1479ff78a3db07ae2c2e89e5840f712c174ba2118e90fdcb040085eff0835cc84351f32471d32aa453cdc1f6418eaaecf1c2824210eb1d 48d0768b368110fab21407c324b8bb4bec63f042cfa4d0868d19b760eb4beba1bff7 93b30036d2c614d55730bd2a40c718f9466faf4d5f8170d22b6df98dfe0c067d02b3 49ae4a142e0c03418f0a1479ff78a3db07ae2c2e89e5840f712c174ba2118e90fdcb skEm:012e5cfe0daf5fe2a1cd617f4c4bae7c86f1f527b3207f115e262a98cc65268ec8 8cb8645aec73b7aa0a472d0292502d1078e762646e0c093cf873243d12c39915f6012e5cfe0daf5fe2a1cd617f4c4bae7c86f1f527b3207f115e262a98cc6526 8ec88cb8645aec73b7aa0a472d0292502d1078e762646e0c093cf873243d12c39915 f6 ikmR:a2a2458705e278e574f835effecd18232f8a4c459e7550a09d44348ae5d3b1ea9d 95c51995e657ad6f7cae659f5e186126a471c017f8f5e41da9eba74d4e0473e179a2a2458705e278e574f835effecd18232f8a4c459e7550a09d44348ae5d3b1 ea9d95c51995e657ad6f7cae659f5e186126a471c017f8f5e41da9eba74d4e0473e1 79 pkRm:04006917e049a2be7e1482759fb067ddb94e9c4f7f5976f655088dec45246614ff 924ed3b385fc2986c0ecc39d14f907bf837d7306aada59dd5889086125ecd038ead40060 3394b5d81f89ebfd556a898cc1d6a027e143d199d3db845cb91c5289fb26c5ff80832935 b0e8dd08d37c6185a6f77683347e472d1edb6daa6bd7652fea628fae04006917e049a2be7e1482759fb067ddb94e9c4f7f5976f655088dec452466 14ff924ed3b385fc2986c0ecc39d14f907bf837d7306aada59dd5889086125ecd038 ead400603394b5d81f89ebfd556a898cc1d6a027e143d199d3db845cb91c5289fb26 c5ff80832935b0e8dd08d37c6185a6f77683347e472d1edb6daa6bd7652fea628fae skRm:011bafd9c7a52e3e71afbdab0d2f31b03d998a0dc875dd7555c63560e142bde264 
428de03379863b4ec6138f813fa009927dc5d15f62314c56d4e7ff2b485753eb72011bafd9c7a52e3e71afbdab0d2f31b03d998a0dc875dd7555c63560e142bd e264428de03379863b4ec6138f813fa009927dc5d15f62314c56d4e7ff2b485753eb 72 psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 psk_id: 456e6e796e20447572696e206172616e204d6f726961 enc:040085eff0835cc84351f32471d32aa453cdc1f6418eaaecf1c2824210eb1d48d07 68b368110fab21407c324b8bb4bec63f042cfa4d0868d19b760eb4beba1bff793b30036d 2c614d55730bd2a40c718f9466faf4d5f8170d22b6df98dfe0c067d02b349ae4a142e0c0 3418f0a1479ff78a3db07ae2c2e89e5840f712c174ba2118e90fdcb040085eff0835cc84351f32471d32aa453cdc1f6418eaaecf1c2824210eb1d4 8d0768b368110fab21407c324b8bb4bec63f042cfa4d0868d19b760eb4beba1bff79 3b30036d2c614d55730bd2a40c718f9466faf4d5f8170d22b6df98dfe0c067d02b34 9ae4a142e0c03418f0a1479ff78a3db07ae2c2e89e5840f712c174ba2118e90fdcb shared_secret:0d52de997fdaa4797720e8b1bebd3df3d03c4cf38cc8c1398168d36c3 fc7626428c9c254dd3f9274450909c64a5b3acbe45e2d850a2fd69ac0605fe5c8a057a50d52de997fdaa4797720e8b1bebd3df3d03c4cf38cc8c1398168d 36c3fc7626428c9c254dd3f9274450909c64a5b3acbe45e2d850a2fd69ac0605fe5c 8a057a5 key_schedule_context:0124497637cf18d6fbcc16e9f652f00244c981726f293bb781 9861e85e50c94f0be30e022ab081e18e6f299fd3d3d976a4bc590f85bc7711bfce32ee1a 7fb1c154ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d6775308c3d3faa75d d64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692e85b09a40124497637cf18d6fbcc16e9f652f00244c981726f293b b7819861e85e50c94f0be30e022ab081e18e6f299fd3d3d976a4bc590f85bc7711bf ce32ee1a7fb1c154ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d67753 08c3d3faa75dd64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692 e85b09a4 secret:2cf425e26f65526afc0634a3dba4e28d980c1015130ce07c2ac7530d7a391a75 e5a0db428b09f27ad4d975b4ad1e7f85800e03ffeea35e8cf3fe67b18d4a13452cf425e26f65526afc0634a3dba4e28d980c1015130ce07c2ac7530d7a39 1a75e5a0db428b09f27ad4d975b4ad1e7f85800e03ffeea35e8cf3fe67b18d4a1345 key: 
f764a5a4b17e5d1ffba6e699d65560497ebaea6eb0b0d9010a6d979e298a39ff base_nonce: 479afdf3546ddba3a9841f38 exporter_secret:5c3d4b65a13570502b93095ef196c42c8211a4a188c4590d3586366 5c705bb140ecba6ce9256be3fad35b4378d41643867454612adfd0542a684b61799bf293 f ]]></artwork>5c3d4b65a13570502b93095ef196c42c8211a4a188c4590d358 63665c705bb140ecba6ce9256be3fad35b4378d41643867454612adfd0542a684b61 799bf293f ]]></sourcecode> <section anchor="encryptions-21" numbered="true" toc="default"> <name>Encryptions</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ sequence number: 0 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d30 nonce: 479afdf3546ddba3a9841f38 ct:de69e9d943a5d0b70be3359a19f317bd9aca4a2ebb4332a39bcdfc97d5fe62f3a777 02f4822c3be531aa7843a1de69e9d943a5d0b70be3359a19f317bd9aca4a2ebb4332a39bcdfc97d5fe62f3 a77702f4822c3be531aa7843a1 sequence number: 1 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d31 nonce: 479afdf3546ddba3a9841f39 ct:77a16162831f90de350fea9152cfc685ecfa10acb4f7994f41aed43fa5431f2382d0 78ec88baec53943984553e77a16162831f90de350fea9152cfc685ecfa10acb4f7994f41aed43fa5431f23 82d078ec88baec53943984553e sequence number: 2 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d32 nonce: 479afdf3546ddba3a9841f3a ct:f1d48d09f126b9003b4c7d3fe6779c7c92173188a2bb7465ba43d899a6398a333914 d2bb19fd769d53f3ec7336f1d48d09f126b9003b4c7d3fe6779c7c92173188a2bb7465ba43d899a6398a33 3914d2bb19fd769d53f3ec7336 sequence number: 4 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d34 nonce: 479afdf3546ddba3a9841f3c ct:829b11c082b0178082cd595be6d73742a4721b9ac05f8d2ef8a7704a53022d82bd0d 8571f578c5c13b99eccff8829b11c082b0178082cd595be6d73742a4721b9ac05f8d2ef8a7704a53022d82 bd0d8571f578c5c13b99eccff8 sequence number: 255 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323535 nonce: 
479afdf3546ddba3a9841fc7 ct:a3ee291e20f37021e82df14d41f3fbe98b27c43b318a36cacd8471a3b1051ab12ee0 55b62ded95b72a63199a3fa3ee291e20f37021e82df14d41f3fbe98b27c43b318a36cacd8471a3b1051ab1 2ee055b62ded95b72a63199a3f sequence number: 256 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323536 nonce: 479afdf3546ddba3a9841e38 ct:eecc2173ce1ac14b27ee67041e90ed50b7809926e55861a579949c07f6d26137bf9c f0d097f60b5fd2fbf348ec ]]></artwork>eecc2173ce1ac14b27ee67041e90ed50b7809926e55861a579949c07f6d26137 bf9cf0d097f60b5fd2fbf348ec ]]></sourcecode> </section> <section anchor="exported-values-21" numbered="true" toc="default"> <name>Exported Values</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ exporter_context: L: 32 exported_value: 62691f0f971e34de38370bff24deb5a7d40ab628093d304be60946afcdb3a936 exporter_context: 00 L: 32 exported_value: 76083c6d1b6809da088584674327b39488eaf665f0731151128452e04ce81bff exporter_context: 54657374436f6e74657874 L: 32 exported_value: 0c7cfc0976e25ae7680cf909ae2de1859cd9b679610a14bec40d69b91785b2f6]]></artwork>]]></sourcecode> </section> </section> <section anchor="auth-setup-information-5" numbered="true" toc="default"> <name>Auth Setup Information</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ mode: 2 kem_id: 18 kdf_id: 3 aead_id: 2 info: 4f6465206f6e2061204772656369616e2055726e ikmE:fe1c589c2a05893895a537f38c7cb4300b5a7e8fef3d6ccb8f07a498029c61e902 62e009dc254c7f6235f9c6b2fd6aeff0a714db131b09258c16e217b7bd2aa619b0fe1c589c2a05893895a537f38c7cb4300b5a7e8fef3d6ccb8f07a498029c61 e90262e009dc254c7f6235f9c6b2fd6aeff0a714db131b09258c16e217b7bd2aa619 b0 pkEm:04017de12ede7f72cb101dab36a111265c97b3654816dcd6183f809d4b3d111fe7 59497f8aefdc5dbb40d3e6d21db15bdc60f15f2a420761bcaeef73b891c2b117e9cf01e2 9320b799bbc86afdc5ea97d941ea1c5bd5ebeeac7a784b3bab524746f3e640ec26ee1bd9 
1255f9330d974f845084637ee0e6fe9f505c5b87c86a4e1a6c3096dd04017de12ede7f72cb101dab36a111265c97b3654816dcd6183f809d4b3d11 1fe759497f8aefdc5dbb40d3e6d21db15bdc60f15f2a420761bcaeef73b891c2b117 e9cf01e29320b799bbc86afdc5ea97d941ea1c5bd5ebeeac7a784b3bab524746f3e6 40ec26ee1bd91255f9330d974f845084637ee0e6fe9f505c5b87c86a4e1a6c3096dd skEm:0185f03560de87bb2c543ef03607f3c33ac09980000de25eabe3b224312946330d 2e65d192d3b4aa46ca92fc5ca50736b624402d95f6a80dc04d1f10ae95171372610185f03560de87bb2c543ef03607f3c33ac09980000de25eabe3b224312946 330d2e65d192d3b4aa46ca92fc5ca50736b624402d95f6a80dc04d1f10ae95171372 61 ikmR:8feea0438481fc0ecd470d6adfcda334a759c6b8650452c5a5dd9b2dd2cc9be33d 2bb7ee64605fc07ab4664a58bb9a8de80defe510b6c97d2daf85b92cd4bb0a66bf8feea0438481fc0ecd470d6adfcda334a759c6b8650452c5a5dd9b2dd2cc9b e33d2bb7ee64605fc07ab4664a58bb9a8de80defe510b6c97d2daf85b92cd4bb0a66 bf pkRm:04007d419b8834e7513d0e7cc66424a136ec5e11395ab353da324e3586673ee73d 53ab34f30a0b42a92d054d0db321b80f6217e655e304f72793767c4231785c4a4a6e008f 31b93b7a4f2b8cd12e5fe5a0523dc71353c66cbdad51c86b9e0bdfcd9a45698f2dab1809 ab1b0f88f54227232c858accc44d9a8d41775ac026341564a2d749f404007d419b8834e7513d0e7cc66424a136ec5e11395ab353da324e3586673e e73d53ab34f30a0b42a92d054d0db321b80f6217e655e304f72793767c4231785c4a 4a6e008f31b93b7a4f2b8cd12e5fe5a0523dc71353c66cbdad51c86b9e0bdfcd9a45 698f2dab1809ab1b0f88f54227232c858accc44d9a8d41775ac026341564a2d749f4 skRm:013ef326940998544a899e15e1726548ff43bbdb23a8587aa3bef9d1b857338d87 287df5667037b519d6a14661e9503cfc95a154d93566d8c84e95ce93ad05293a0b013ef326940998544a899e15e1726548ff43bbdb23a8587aa3bef9d1b85733 8d87287df5667037b519d6a14661e9503cfc95a154d93566d8c84e95ce93ad05293a 0b ikmS:2f66a68b85ef04822b054ef521838c00c64f8b6226935593b69e13a1a2461a4f1a 74c10c836e87eed150c0db85d4e4f506cbb746149befac6f5c07dc48a615ef92db2f66a68b85ef04822b054ef521838c00c64f8b6226935593b69e13a1a2461a 4f1a74c10c836e87eed150c0db85d4e4f506cbb746149befac6f5c07dc48a615ef92 db 
pkSm:04015cc3636632ea9a3879e43240beae5d15a44fba819282fac26a19c989fafdd0 f330b8521dff7dc393101b018c1e65b07be9f5fc9a28a1f450d6a541ee0d76221133001e 8f0f6a05ab79f9b9bb9ccce142a453d59c5abebb5674839d935a3ca1a3fbc328539a60b3 bc3c05fed22838584a726b9c176796cad0169ba4093332cbd2dc3a9f04015cc3636632ea9a3879e43240beae5d15a44fba819282fac26a19c989fa fdd0f330b8521dff7dc393101b018c1e65b07be9f5fc9a28a1f450d6a541ee0d7622 1133001e8f0f6a05ab79f9b9bb9ccce142a453d59c5abebb5674839d935a3ca1a3fb c328539a60b3bc3c05fed22838584a726b9c176796cad0169ba4093332cbd2dc3a9f skSm:001018584599625ff9953b9305849850d5e34bd789d4b81101139662fbea8b6508 ddb9d019b0d692e737f66beae3f1f783e744202aaf6fea01506c27287e359fe776001018584599625ff9953b9305849850d5e34bd789d4b81101139662fbea8b 6508ddb9d019b0d692e737f66beae3f1f783e744202aaf6fea01506c27287e359fe7 76 enc:04017de12ede7f72cb101dab36a111265c97b3654816dcd6183f809d4b3d111fe75 9497f8aefdc5dbb40d3e6d21db15bdc60f15f2a420761bcaeef73b891c2b117e9cf01e29 320b799bbc86afdc5ea97d941ea1c5bd5ebeeac7a784b3bab524746f3e640ec26ee1bd91 255f9330d974f845084637ee0e6fe9f505c5b87c86a4e1a6c3096dd04017de12ede7f72cb101dab36a111265c97b3654816dcd6183f809d4b3d111 fe759497f8aefdc5dbb40d3e6d21db15bdc60f15f2a420761bcaeef73b891c2b117e 9cf01e29320b799bbc86afdc5ea97d941ea1c5bd5ebeeac7a784b3bab524746f3e64 0ec26ee1bd91255f9330d974f845084637ee0e6fe9f505c5b87c86a4e1a6c3096dd shared_secret:26648fa2a2deb0bfc56349a590fd4cb7108a51797b634694fc02061e8 d91b3576ac736a68bf848fe2a58dfb1956d266e68209a4d631e513badf8f4dcfc00f30a26648fa2a2deb0bfc56349a590fd4cb7108a51797b634694fc020 61e8d91b3576ac736a68bf848fe2a58dfb1956d266e68209a4d631e513badf8f4dcf c00f30a key_schedule_context:0283a27c5b2358ab4dae1b2f5d8f57f10ccccc822a473326f5 43f239a70aee46347324e84e02d7651a10d08fb3dda739d22d50c53fbfa8122baacd0f9a e5913072ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d6775308c3d3faa75d d64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692e85b09a40283a27c5b2358ab4dae1b2f5d8f57f10ccccc822a4733 
26f543f239a70aee46347324e84e02d7651a10d08fb3dda739d22d50c53fbfa8122b aacd0f9ae5913072ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d67753 08c3d3faa75dd64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692 e85b09a4 secret:56b7acb7355d080922d2ddc227829c2276a0b456087654b3ac4b53828bd34af8 cf54626f85af858a15a86eba73011665cc922bc59fd07d2975f356d2674db55456b7acb7355d080922d2ddc227829c2276a0b456087654b3ac4b53828bd3 4af8cf54626f85af858a15a86eba73011665cc922bc59fd07d2975f356d2674db554 key: 01fced239845e53f0ec616e71777883a1f9fcab22a50f701bdeee17ad040e44d base_nonce: 9752b85fe8c73eda183f9e80 exporter_secret:80466a9d9cc5112ddad297e817e038801e15fa18152bc4dc010a35d 7f534089c87c98b4bacd7bbc6276c4002a74085adcd9019fca6139826b5292569cfb7fe4 7 ]]></artwork>80466a9d9cc5112ddad297e817e038801e15fa18152bc4dc010 a35d7f534089c87c98b4bacd7bbc6276c4002a74085adcd9019fca6139826b529256 9cfb7fe47 ]]></sourcecode> <section anchor="encryptions-22" numbered="true" toc="default"> <name>Encryptions</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ sequence number: 0 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d30 nonce: 9752b85fe8c73eda183f9e80 ct:0116aeb3a1c405c61b1ce47600b7ecd11d89b9c08c408b7e2d1e00a4d64696d12e68 81dc61688209a8207427f90116aeb3a1c405c61b1ce47600b7ecd11d89b9c08c408b7e2d1e00a4d64696d1 2e6881dc61688209a8207427f9 sequence number: 1 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d31 nonce: 9752b85fe8c73eda183f9e81 ct:37ece0cf6741f443e9d73b9966dc0b228499bb21fbf313948327231e70a18380e080 529c0267f399ba7c539cc637ece0cf6741f443e9d73b9966dc0b228499bb21fbf313948327231e70a18380 e080529c0267f399ba7c539cc6 sequence number: 2 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d32 nonce: 9752b85fe8c73eda183f9e82 ct:d17b045cac963e45d55fd3692ec17f100df66ac06d91f3b6af8efa7ed3c8895550eb 
753bc801fe4bd27005b4bdd17b045cac963e45d55fd3692ec17f100df66ac06d91f3b6af8efa7ed3c88955 50eb753bc801fe4bd27005b4bd sequence number: 4 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d34 nonce: 9752b85fe8c73eda183f9e84 ct:50c523ae7c64cada96abea16ddf67a73d2914ec86a4cedb31a7e6257f7553ed24462 6ef79a57198192b232338450c523ae7c64cada96abea16ddf67a73d2914ec86a4cedb31a7e6257f7553ed2 44626ef79a57198192b2323384 sequence number: 255 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323535 nonce: 9752b85fe8c73eda183f9e7f ct:53d422295a6ce8fcc51e6f69e252e7195e64abf49252f347d8c25534f1865a6a17d9 49c65ce618ddc7d816111f53d422295a6ce8fcc51e6f69e252e7195e64abf49252f347d8c25534f1865a6a 17d949c65ce618ddc7d816111f sequence number: 256 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323536 nonce: 9752b85fe8c73eda183f9f80 ct:0dfcfc22ea768880b4160fec27ab10c75fb27766c6bb97aed373a9b6eae35d31afb0 8257401075cbb602ac5abb ]]></artwork>0dfcfc22ea768880b4160fec27ab10c75fb27766c6bb97aed373a9b6eae35d31 afb08257401075cbb602ac5abb ]]></sourcecode> </section> <section anchor="exported-values-22" numbered="true" toc="default"> <name>Exported Values</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ exporter_context: L: 32 exported_value: 8d78748d632f95b8ce0c67d70f4ad1757e61e872b5941e146986804b3990154b exporter_context: 00 L: 32 exported_value: 80a4753230900ea785b6c80775092801fe91183746479f9b04c305e1db9d1f4d exporter_context: 54657374436f6e74657874 L: 32 exported_value: 620b176d737cf366bcc20d96adb54ec156978220879b67923689e6dca36210ed]]></artwork>]]></sourcecode> </section> </section> <section anchor="authpsk-setup-information-5" numbered="true" toc="default"> <name>AuthPSK Setup Information</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ mode: 3 kem_id: 18 kdf_id: 3 aead_id: 2 info: 
4f6465206f6e2061204772656369616e2055726e ikmE:54272797b1fbc128a6967ff1fd606e0c67868f7762ce1421439cbc9e90ce1b28d5 66e6c2acbce712e48eebf236696eb680849d6873e9959395b2931975d61d38bd6c54272797b1fbc128a6967ff1fd606e0c67868f7762ce1421439cbc9e90ce1b 28d566e6c2acbce712e48eebf236696eb680849d6873e9959395b2931975d61d38bd 6c pkEm:04000a5096a6e6e002c83517b494bfc2e36bfb8632fae8068362852b70d0ff71e5 60b15aff96741ecffb63d8ac3090c3769679009ac59a99a1feb4713c5f090fc0dbed01ad 73c45d29d369e36744e9ed37d12f80700c16d816485655169a5dd66e4ddf27f2acffe0f5 6f7f77ea2b473b4bf0518b975d9527009a3d14e5a4957e3e8a9074f804000a5096a6e6e002c83517b494bfc2e36bfb8632fae8068362852b70d0ff 71e560b15aff96741ecffb63d8ac3090c3769679009ac59a99a1feb4713c5f090fc0 dbed01ad73c45d29d369e36744e9ed37d12f80700c16d816485655169a5dd66e4ddf 27f2acffe0f56f7f77ea2b473b4bf0518b975d9527009a3d14e5a4957e3e8a9074f8 skEm:003430af19716084efeced1241bb1a5625b6c826f11ef31649095eb27952619e36 f62a79ea28001ac452fb20ddfbb66e62c6c0b1be03c0d28c97794a1fb638207a83003430af19716084efeced1241bb1a5625b6c826f11ef31649095eb2795261 9e36f62a79ea28001ac452fb20ddfbb66e62c6c0b1be03c0d28c97794a1fb638207a 83 ikmR:3db434a8bc25b27eb0c590dc64997ab1378a99f52b2cb5a5a5b2fa540888f6c0f0 9794c654f4468524e040e6b4eca2c9dcf229f908b9d318f960cc9e9baa92c5eee63db434a8bc25b27eb0c590dc64997ab1378a99f52b2cb5a5a5b2fa540888f6 c0f09794c654f4468524e040e6b4eca2c9dcf229f908b9d318f960cc9e9baa92c5ee e6 pkRm:0401655b5d3b7cfafaba30851d25edc44c6dd17d99410efbed8591303b4dbeea8c b1045d5255f9a60384c3bbd4a3386ae6e6fab341dc1f8db0eed5f0ab1aaac6d7838e00da df8a1c2c64b48f89c633721e88369e54104b31368f26e35d04a442b0b428510fb23caada 686add16492f333b0f7ba74c391d779b788df2c38d7a7f4778009d910401655b5d3b7cfafaba30851d25edc44c6dd17d99410efbed8591303b4dbe ea8cb1045d5255f9a60384c3bbd4a3386ae6e6fab341dc1f8db0eed5f0ab1aaac6d7 838e00dadf8a1c2c64b48f89c633721e88369e54104b31368f26e35d04a442b0b428 510fb23caada686add16492f333b0f7ba74c391d779b788df2c38d7a7f4778009d91 
skRm:0053c0bc8c1db4e9e5c3e3158bfdd7fc716aef12db13c8515adf821dd692ba3ca5 3041029128ee19c8556e345c4bcb840bb7fd789f97fe10f17f0e2c6c25280728430053c0bc8c1db4e9e5c3e3158bfdd7fc716aef12db13c8515adf821dd692ba 3ca53041029128ee19c8556e345c4bcb840bb7fd789f97fe10f17f0e2c6c25280728 43 ikmS:65d523d9b37e1273eb25ad0527d3a7bd33f67208dd1666d9904c6bc04969ae5831 a8b849e7ff642581f2c3e56be84609600d3c6bbdaded3f6989c37d2892b1e978d565d523d9b37e1273eb25ad0527d3a7bd33f67208dd1666d9904c6bc04969ae 5831a8b849e7ff642581f2c3e56be84609600d3c6bbdaded3f6989c37d2892b1e978 d5 pkSm:040013761e97007293d57de70962876b4926f69a52680b4714bee1d4236aa96c19 b840c57e80b14e91258f0a350e3f7ba59f3f091633aede4c7ec4fa8918323aa45d590107 6dec8eeb22899fda9ab9e1960003ff0535f53c02c40f2ae4cdc6070a3870b85b4bdd0bb7 7f1f889e7ee51f465a308f08c666ad3407f75dc046b2ff5a24dbe2ed040013761e97007293d57de70962876b4926f69a52680b4714bee1d4236aa9 6c19b840c57e80b14e91258f0a350e3f7ba59f3f091633aede4c7ec4fa8918323aa4 5d5901076dec8eeb22899fda9ab9e1960003ff0535f53c02c40f2ae4cdc6070a3870 b85b4bdd0bb77f1f889e7ee51f465a308f08c666ad3407f75dc046b2ff5a24dbe2ed skSm:003f64675fc8914ec9e2b3ecf13585b26dbaf3d5d805042ba487a5070b8c5ac1d3 9b17e2161771cc1b4d0a3ba6e866f4ea4808684b56af2a49b5e5111146d45d9326003f64675fc8914ec9e2b3ecf13585b26dbaf3d5d805042ba487a5070b8c5a c1d39b17e2161771cc1b4d0a3ba6e866f4ea4808684b56af2a49b5e5111146d45d93 26 psk: 0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82 psk_id: 456e6e796e20447572696e206172616e204d6f726961 enc:04000a5096a6e6e002c83517b494bfc2e36bfb8632fae8068362852b70d0ff71e56 0b15aff96741ecffb63d8ac3090c3769679009ac59a99a1feb4713c5f090fc0dbed01ad7 3c45d29d369e36744e9ed37d12f80700c16d816485655169a5dd66e4ddf27f2acffe0f56 f7f77ea2b473b4bf0518b975d9527009a3d14e5a4957e3e8a9074f804000a5096a6e6e002c83517b494bfc2e36bfb8632fae8068362852b70d0ff7 1e560b15aff96741ecffb63d8ac3090c3769679009ac59a99a1feb4713c5f090fc0d bed01ad73c45d29d369e36744e9ed37d12f80700c16d816485655169a5dd66e4ddf2 
7f2acffe0f56f7f77ea2b473b4bf0518b975d9527009a3d14e5a4957e3e8a9074f8 shared_secret:9e1d5f62cb38229f57f68948a0fbc1264499910cce50ec62cb24188c5 b0a98868f3c1cfa8c5baa97b3f24db3cdd30df6e04eae83dc4347be8a981066c3b5b9459e1d5f62cb38229f57f68948a0fbc1264499910cce50ec62cb241 88c5b0a98868f3c1cfa8c5baa97b3f24db3cdd30df6e04eae83dc4347be8a981066c 3b5b945 key_schedule_context:0324497637cf18d6fbcc16e9f652f00244c981726f293bb781 9861e85e50c94f0be30e022ab081e18e6f299fd3d3d976a4bc590f85bc7711bfce32ee1a 7fb1c154ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d6775308c3d3faa75d d64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692e85b09a40324497637cf18d6fbcc16e9f652f00244c981726f293b b7819861e85e50c94f0be30e022ab081e18e6f299fd3d3d976a4bc590f85bc7711bf ce32ee1a7fb1c154ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d67753 08c3d3faa75dd64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692 e85b09a4 secret:50a57775958037a04098e0054576cd3bc084d0d08d29548ba4befa5676b91eb4 dcd0752813a052c9a930d0aba6ca10b89dd690b64032dc635dece35d1bf4645c50a57775958037a04098e0054576cd3bc084d0d08d29548ba4befa5676b9 1eb4dcd0752813a052c9a930d0aba6ca10b89dd690b64032dc635dece35d1bf4645c key: 1316ed34bd52374854ed0e5cb0394ca0a79b2d8ce7f15d5104f21acdfb594286 base_nonce: d9c64ec8deb8a0647fafe8ff exporter_secret:6cb00ff99aebb2e4a05042ce0d048326dd2c03acd61a601b1038a65 398406a96ab8b5da3187412b2324089ea16ba4ff7e6f4fe55d281fc8ae5f2049032b69eb d ]]></artwork>6cb00ff99aebb2e4a05042ce0d048326dd2c03acd61a601b103 8a65398406a96ab8b5da3187412b2324089ea16ba4ff7e6f4fe55d281fc8ae5f2049 032b69ebd ]]></sourcecode> <section anchor="encryptions-23" numbered="true" toc="default"> <name>Encryptions</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ sequence number: 0 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d30 nonce: d9c64ec8deb8a0647fafe8ff ct:942a2a92e0817cf032ce61abccf4f3a7c5d21b794ed943227e07b7df2d6dd92c9b8a 
9371949e65cca262448ab7942a2a92e0817cf032ce61abccf4f3a7c5d21b794ed943227e07b7df2d6dd92c 9b8a9371949e65cca262448ab7 sequence number: 1 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d31 nonce: d9c64ec8deb8a0647fafe8fe ct:c0a83b5ec3d7933a090f681717290337b4fede5bfaa0a40ec29f93acad742888a151 3c649104c391c78d1d7f29c0a83b5ec3d7933a090f681717290337b4fede5bfaa0a40ec29f93acad742888 a1513c649104c391c78d1d7f29 sequence number: 2 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d32 nonce: d9c64ec8deb8a0647fafe8fd ct:2847b2e0ce0b9da8fca7b0e81ff389d1682ee1b388ed09579b145058b5af6a93a85d d50d9f417dc88f2c7853122847b2e0ce0b9da8fca7b0e81ff389d1682ee1b388ed09579b145058b5af6a93 a85dd50d9f417dc88f2c785312 sequence number: 4 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d34 nonce: d9c64ec8deb8a0647fafe8fb ct:fbd9948ab9ac4a9cb9e295c07273600e6a111a3a89241d3e2178f39d532a2ec5c15b 9b0c6937ac84c88e0ca76ffbd9948ab9ac4a9cb9e295c07273600e6a111a3a89241d3e2178f39d532a2ec5 c15b9b0c6937ac84c88e0ca76f sequence number: 255 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323535 nonce: d9c64ec8deb8a0647fafe800 ct:63113a870131b567db8f39a11b4541eafbd2d3cf3a9bf9e5c1cfcb41e52f9027310b 82a4868215959131694d1563113a870131b567db8f39a11b4541eafbd2d3cf3a9bf9e5c1cfcb41e52f9027 310b82a4868215959131694d15 sequence number: 256 pt: 4265617574792069732074727574682c20747275746820626561757479 aad: 436f756e742d323536 nonce: d9c64ec8deb8a0647fafe9ff ct:24f9d8dadd2107376ccd143f70f9bafcd2b21d8117d45ff327e9a78f603a32606e42 a6a8bdb57a852591d20907 ]]></artwork>24f9d8dadd2107376ccd143f70f9bafcd2b21d8117d45ff327e9a78f603a3260 6e42a6a8bdb57a852591d20907 ]]></sourcecode> </section> <section anchor="exported-values-23" numbered="true" toc="default"> <name>Exported Values</name><artwork<sourcecode name=""type="" align="left" alt=""><![CDATA[type="test-vectors"><![CDATA[ exporter_context: L: 32 exported_value: 
a39502ef5ca116aa1317bd9583dd52f15b0502b71d900fc8a622d19623d0cb5d

exporter_context: 00
L: 32
exported_value:
749eda112c4cfdd6671d84595f12cd13198fc3ef93ed72369178f344fe6e09c3

exporter_context: 54657374436f6e74657874
L: 32
exported_value:
f8b4e72cefbff4ca6c4eabb8c0383287082cfcbb953d900aed4959afd0017095
]]></sourcecode>
</section>
</section>
</section>
<section anchor="dhkemx25519-hkdf-sha256-hkdf-sha256-export-only-aead" numbered="true" toc="default">
<name>DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, Export-Only AEAD</name>
<section anchor="base-setup-information-6" numbered="true" toc="default">
<name>Base Setup Information</name>
<sourcecode name="" type="test-vectors"><![CDATA[
mode: 0
kem_id: 32
kdf_id: 1
aead_id: 65535
info: 4f6465206f6e2061204772656369616e2055726e
ikmE:
55bc245ee4efda25d38f2d54d5bb6665291b99f8108a8c4b686c2b14893ea5d9
pkEm:
e5e8f9bfff6c2f29791fc351d2c25ce1299aa5eaca78a757c0b4fb4bcd830918
skEm:
095182b502f1f91f63ba584c7c3ec473d617b8b4c2cec3fad5af7fa6748165ed
ikmR:
683ae0da1d22181e74ed2e503ebf82840deb1d5e872cade20f4b458d99783e31
pkRm:
194141ca6c3c3beb4792cd97ba0ea1faff09d98435012345766ee33aae2d7664
skRm:
33d196c830a12f9ac65d6e565a590d80f04ee9b19c83c87f2c170d972a812848
enc:
e5e8f9bfff6c2f29791fc351d2c25ce1299aa5eaca78a757c0b4fb4bcd830918
shared_secret:
e81716ce8f73141d4f25ee9098efc968c91e5b8ce52ffff59d64039e82918b66
key_schedule_context: 009bd09219212a8cf27c6bb5d54998c5240793a70ca0a8
92234bd5e082bc619b6a3f4c22aa6d9a0424c2b4292fdf43b8257df93c2f6adbf6dd
c9c64fee26bdd292
secret:
04d64e0620aa047e9ab833b0ebcd4ff026cefbe44338fd7d1a93548102ee01af
key:
base_nonce:
exporter_secret:
79dc8e0509cf4a3364ca027e5a0138235281611ca910e435e8ed58167c72f79b
]]></sourcecode>
<section anchor="exported-values-24" numbered="true" toc="default">
<name>Exported
Values</name>
<sourcecode name="" type="test-vectors"><![CDATA[
exporter_context:
L: 32
exported_value:
7a36221bd56d50fb51ee65edfd98d06a23c4dc87085aa5866cb7087244bd2a36

exporter_context: 00
L: 32
exported_value:
d5535b87099c6c3ce80dc112a2671c6ec8e811a2f284f948cec6dd1708ee33f0

exporter_context: 54657374436f6e74657874
L: 32
exported_value:
ffaabc85a776136ca0c378e5d084c9140ab552b78f039d2e8775f26efff4c70e
]]></sourcecode>
</section>
</section>
<section anchor="psk-setup-information-6" numbered="true" toc="default">
<name>PSK Setup Information</name>
<sourcecode name="" type="test-vectors"><![CDATA[
mode: 1
kem_id: 32
kdf_id: 1
aead_id: 65535
info: 4f6465206f6e2061204772656369616e2055726e
ikmE:
c51211a8799f6b8a0021fcba673d9c4067a98ebc6794232e5b06cb9febcbbdf5
pkEm:
d3805a97cbcd5f08babd21221d3e6b362a700572d14f9bbeb94ec078d051ae3d
skEm:
1d72396121a6a826549776ef1a9d2f3a2907fc6a38902fa4e401afdb0392e627
ikmR:
5e0516b1b29c0e13386529da16525210c796f7d647c37eac118023a6aa9eb89a
pkRm:
d53af36ea5f58f8868bb4a1333ed4cc47e7a63b0040eb54c77b9c8ec456da824
skRm:
98f304d4ecb312689690b113973c61ffe0aa7c13f2fbe365e48f3ed09e5a6a0c
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc:
d3805a97cbcd5f08babd21221d3e6b362a700572d14f9bbeb94ec078d051ae3d
shared_secret:
024573db58c887decb4c57b6ed39f2c9a09c85600a8a0ecb11cac24c6aaec195
key_schedule_context: 01446fb1fe2632a0a338f0a85ed1f3a0ac475bdea2cd72
f8c713b3a46ee737379a3f4c22aa6d9a0424c2b4292fdf43b8257df93c2f6adbf6dd
c9c64fee26bdd292
secret:
638b94532e0d0bf812cf294f36b97a5bdcb0299df36e22b7bb6858e3c113080b
key:
base_nonce:
exporter_secret:
04261818aeae99d6aba5101bd35ddf3271d909a756adcef0d41389d9ed9ab153
]]></sourcecode>
<section
anchor="exported-values-25" numbered="true" toc="default">
<name>Exported Values</name>
<sourcecode name="" type="test-vectors"><![CDATA[
exporter_context:
L: 32
exported_value:
be6c76955334376aa23e936be013ba8bbae90ae74ed995c1c6157e6f08dd5316

exporter_context: 00
L: 32
exported_value:
1721ed2aa852f84d44ad020c2e2be4e2e6375098bf48775a533505fd56a3f416

exporter_context: 54657374436f6e74657874
L: 32
exported_value:
7c9d79876a288507b81a5a52365a7d39cc0fa3f07e34172984f96fec07c44cba
]]></sourcecode>
</section>
</section>
<section anchor="auth-setup-information-6" numbered="true" toc="default">
<name>Auth Setup Information</name>
<sourcecode name="" type="test-vectors"><![CDATA[
mode: 2
kem_id: 32
kdf_id: 1
aead_id: 65535
info: 4f6465206f6e2061204772656369616e2055726e
ikmE:
43b078912a54b591a7b09b16ce89a1955a9dd60b29fb611e044260046e8b061b
pkEm:
5ac1671a55c5c3875a8afe74664aa8bc68830be9ded0c5f633cd96400e8b5c05
skEm:
83d3f217071bbf600ba6f081f6e4005d27b97c8001f55cb5ff6ea3bbea1d9295
ikmR:
fc9407ae72ed614901ebf44257fb540f617284b5361cfecd620bafc4aba36f73
pkRm:
ffd7ac24694cb17939d95feb7c4c6539bb31621deb9b96d715a64abdd9d14b10
skRm:
ed88cda0e91ca5da64b6ad7fc34a10f096fa92f0b9ceff9d2c55124304ed8b4a
ikmS:
2ff4c37a17b2e54046a076bf5fea9c3d59250d54d0dc8572bc5f7c046307040c
pkSm:
89eb1feae431159a5250c5186f72a15962c8d0debd20a8389d8b6e4996e14306
skSm:
c85f136e06d72d28314f0e34b10aadc8d297e9d71d45a5662c2b7c3b9f9f9405
enc:
5ac1671a55c5c3875a8afe74664aa8bc68830be9ded0c5f633cd96400e8b5c05
shared_secret:
e204156fd17fd65b132d53a0558cd67b7c0d7095ee494b00f47d686eb78f8fb3
key_schedule_context: 029bd09219212a8cf27c6bb5d54998c5240793a70ca0a8
92234bd5e082bc619b6a3f4c22aa6d9a0424c2b4292fdf43b8257df93c2f6adbf6dd
c9c64fee26bdd292
secret:
355e7ef17f438db43152b7fb45a0e2f49a8bf8956d5dddfec1758c0f0eb1b5d5
key:
base_nonce:
exporter_secret:
276d87e5cb0655c7d3dad95e76e6fc02746739eb9d968955ccf8a6346c97509e
]]></sourcecode>
<section anchor="exported-values-26" numbered="true" toc="default">
<name>Exported Values</name>
<sourcecode name="" type="test-vectors"><![CDATA[
exporter_context:
L: 32
exported_value:
83c1bac00a45ed4cb6bd8a6007d2ce4ec501f55e485c5642bd01bf6b6d7d6f0a

exporter_context: 00
L: 32
exported_value:
08a1d1ad2af3ef5bc40232a64f920650eb9b1034fac3892f729f7949621bf06e

exporter_context: 54657374436f6e74657874
L: 32
exported_value:
ff3b0e37a9954247fea53f251b799e2edd35aac7152c5795751a3da424feca73
]]></sourcecode>
</section>
</section>
<section anchor="authpsk-setup-information-6" numbered="true" toc="default">
<name>AuthPSK Setup Information</name>
<sourcecode name="" type="test-vectors"><![CDATA[
mode: 3
kem_id: 32
kdf_id: 1
aead_id: 65535
info: 4f6465206f6e2061204772656369616e2055726e
ikmE:
94efae91e96811a3a49fd1b20eb0344d68ead6ac01922c2360779aa172487f40
pkEm:
81cbf4bd7eee97dd0b600252a1c964ea186846252abb340be47087cc78f3d87c
skEm:
a2b43f5c67d0d560ee04de0122c765ea5165e328410844db97f74595761bbb81
ikmR:
4dfde6fadfe5cb50fced4034e84e6d3a104aa4bf2971360032c1c0580e286663
pkRm:
f47cd9d6993d2e2234eb122b425accfb486ee80f89607b087094e9f413253c2d
skRm:
c4962a7f97d773a47bdf40db4b01dc6a56797c9e0deaab45f4ea3aa9b1d72904
ikmS:
26c12fef8d71d13bbbf08ce8157a283d5e67ecf0f345366b0e90341911110f1b
pkSm:
29a5bf3867a6128bbdf8e070abe7fe70ca5e07b629eba5819af73810ee20112f
skSm:
6175b2830c5743dff5b7568a7e20edb1fe477fb0487ca21d6433365be90234d0
psk:
0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82
psk_id: 456e6e796e20447572696e206172616e204d6f726961
enc:
81cbf4bd7eee97dd0b600252a1c964ea186846252abb340be47087cc78f3d87c
shared_secret:
d69246bcd767e579b1eec80956d7e7dfbd2902dad920556f0de69bd54054a2d1
key_schedule_context: 03446fb1fe2632a0a338f0a85ed1f3a0ac475bdea2cd72
f8c713b3a46ee737379a3f4c22aa6d9a0424c2b4292fdf43b8257df93c2f6adbf6dd
c9c64fee26bdd292
secret:
c15c5bec374f2087c241d3533c6ec48e1c60a21dd00085619b2ffdd84a7918c3
key:
base_nonce:
exporter_secret:
695b1faa479c0e0518b6414c3b46e8ef5caea04c0a192246843765ae6a8a78e0
]]></sourcecode>
<section anchor="exported-values-27" numbered="true" toc="default">
<name>Exported Values</name>
<sourcecode name="" type="test-vectors"><![CDATA[
exporter_context:
L: 32
exported_value:
dafd8beb94c5802535c22ff4c1af8946c98df2c417e187c6ccafe45335810b58

exporter_context: 00
L: 32
exported_value:
7346bb0b56caf457bcc1aa63c1b97d9834644bdacac8f72dbbe3463e4e46b0dd

exporter_context: 54657374436f6e74657874
L: 32
exported_value:
84f3466bd5a03bde6444324e63d7560e7ac790da4e5bbab01e7c4d575728c34a
]]></sourcecode>
</section>
</section>
</section>
</section>
<section anchor="acknowledgements" numbered="false" toc="default">
<name>Acknowledgements</name>
<t>The authors would like to thank <contact fullname="Joel Alwen"/>, <contact fullname="Jean-Philippe Aumasson"/>, <contact fullname="David Benjamin"/>, <contact fullname="Benjamin Beurdouche"/>, <contact fullname="Bruno Blanchet"/>, <contact fullname="Frank Denis"/>, <contact fullname="Stephen Farrell"/>, <contact fullname="Scott Fluhrer"/>, <contact fullname="Eduard Hauck"/>, <contact fullname="Scott Hollenbeck"/>, <contact fullname="Kevin Jacobs"/>, <contact fullname="Burt Kaliski"/>, <contact fullname="Eike Kiltz"/>, <contact fullname="Julia Len"/>, <contact fullname="John Mattsson"/>, <contact fullname="Christopher Patton"/>, <contact fullname="Doreen Riepel"/>, <contact fullname="Raphael Robert"/>, <contact fullname="Michael Rosenberg"/>, <contact fullname="Michael Scott"/>, <contact
fullname="Martin Thomson"/>, <contact fullname="Steven Valdez"/>, <contact fullname="Riad Wahby"/>, and other contributors in the CFRG for helpful feedback that greatly improved this document.</t> </section> </back><!-- ##markdown-source:
7LlWveN9UrsOK92xAxkOO8dylYRgCOuW/WRjRM835ne7kLBiNBVPICnidOnL Xarj6N0ZPOv5mrLfiqpcydN6K2l8rSJzOv487zajbZ9M9BvpYuW4XCjKqiGY pjBh98a52giG/Zt4fDnOMiqNAKRPW65jlCUIwHjQO+rg/KFYoycMgcEr/nq9 mufsGW+ZkLlS91K2XnwKpFGov5oQ742/JsBLBBklEmOGe9NxsgoqFNpAs/lo VQ2WgQvLp8JC1cAZaHB+y3EoC0vkMRT+nif4WjVGSS4IumB99APIvPRiEjkC Ko0kJIUkhA1Rp+wadPhmGCqBoS6H8ghnb1HbYofQquaTkVKHRV3qEGmMQzJ0 5B/sGfMoLxKUwvC8uVCRLeRTq/570JBgdOj2aAcxg+YGzSW5ZdNk6goTtAoS teuDowlGWdcD6itM6m3oo+F1TsqjrpdpvoGV6wTjPSiIEgezfLc7mtNpvroL jpULG0kQDn+j01FRptdtxeGaSdQ045ryrMpWSybZnaGEEe+rjjky46zVNauV WIFRYMMKliL9AmHfERevCXOOlG5r+iidmWD1QXbxM5rInbZ6rOUgXnCxuoUv Kd4N4MHz7N/Ud3X5HzmGp+twMwT2KsNSspV1Qz8uk5++kqKP0iqPUYc/GMJ+ +sr2w5RQM7QfYfCuW93R3lMOo3UrFDrRFS0KXzI1K1r6Z9NaEdtfyzSmcwJZ zTwTJM9RCW2R5gyPvlZdGs79CKwkdE2qCbkay4oTbG2V3prYGFLEIvyNV9Rt tBHqd5UYj4iQmXpFLNgFH3Ls1ExXkSmPX7qFUqJoNe1tcfPVBO0/kIyAH2m1 fn+KQd8UgFKmrYZtZjFPPL1kaVpZ5BTdhKGavxUbCk7A36H0t1FmZDR3goBJ 3d+pdp8zDhtZ12nJxW31fbb2YSlUQdZwgCnXDLCZ7KZFPD3AxBvbrKTXUr6+ QP0RI8+DmEueUqUNjv5sSZkfW1EVsXEnvudfFdxhzcRICWvw+rDh2sQgAhO1 NQS3YVEAhYsl+gsHOiJaFCWwgDQrTCBgk+CxR7a64o/SMp0JOjWYj9CvFnB+ qOjnbDKiyg5E7mx2l45+UmFwjXX5yWwmCdsUBST8XhcOh+/aWDnoMwf0m8BZ 0kx5NiUqC5tVjRJhUu2Y8AALQWtOLI59Gw8quVZkoHGyo+YJYCrondaowrHK IZb4t9xPQhEYB802xOP0FLgGVbgCrUpLeQN791H6pis+I7E34Z3pNsRseucC kqqjY5aN2KlMNI0oN3ZxYYTB3oUOfqaGQwJyxivMPRbMoiMKNyZB0ZY7ENSi w7Oz6mMM6/jfCThONiQd/+rySkyxHGONO+GyWy2WCPWEWmQga0H1LMl8hEmD XA0RBZBLKX5U7OZYclOVxsdL8T2OLCnxXBqFMyRRub4nuB4Ma7VtReZ3yhON sRqnuMK0aE/L22HSsOd+MgZVvM8SZo00CO1jygUuwnKNBmQ0eOJxIwQ5r4Wt tCzK3t+/+YE5M68VX5MDVBorJGsSQY2tMADajaAmYvLz5c/B98H6f//1DUmF FIQLZ7kO/hWw4Tq4Cf6yS8jG60OMb4ELUUu7KcIyF291makbv06f9oLoIt0b LrsI9/wAY9aNx4116yhbAfOi8GibkAz7UxYQxjoZSjsOsjKG2v5OF8CpE269 Tq7NZIPWN5U6NTENfpleORyE/FGMmibYnuMH8ZpGVM0hYw6BrnQpRGHLrCwa z1bDmGsyFtjakmL+486hX5VDTlitd4UbATpPtE4lrUSMaU7f5SJjTLTnys7x ZTon+wLZhGwm8gEXU+n/j15/erin9KykeJjCs37TZl04ClHfR3uWOk5ZKr60 UvH987qhVNi0cBd2DTD59UuyXHGn2B/QwU19pH8lWggJoYrkcto/BfGyo5hE 
dh1i66QIhBzA2wlektUd2DtTJY6dRRVsb+BewGEMsjibZmQrbSpNJrQ+IJVn RUvQzA7DUlO2MKH1W64E2k2VE2XlOFMTMugvHt6RLrZe1Ud0kPL+ZVvTpDgb NEV0ipLqwsCbJ1dvP3Ir9nL7pivUMDsdKnFql3NFVQjl68a1HSrxMS7SL+1F DrLWARNAQnP7bYoBRsbwTGkQ/DOejS6+IUo6S/YldSAztVYCLyzb6+HR0hUl KgiiHATR6qau0sJRvqzD3TX4zs0J++euk5kqXd0exExC4hrgOH3kNqRIKdOL hAUK41CqH6hqLscv8qmDFb6Bs1JcSqcPcskLnty9Di6ShtQAcpXaEEf1wZow gHSxzV8cTcB25ig2pbHbpDlOc46xQLjdJA54LZ+uHI8Sa02l0r+U+NN1aE3/ vNdhsTTQf/32+MTCniUyBDvdxXPrreGd65avptJ1KdXm7BFLFiXxxJi1AeU9 b6v/VDCjrPRBEELlb8lBVJIy9b5BLbyUoHey5Qh6UN1GJjOCJs5ouqgHXCsD FFHkTRZf24gA0nPBlAXUVYfF2CRuqxUgFabd2mrKxvT0RIqjGNT6uDd3xujK JjQazLReMcmQpYnMA3Cg/ZHQX0o+t5j4knIgctadGc7cVCLC1f47eYMdjLod mDpAOmMo17NJKVSntOUZSBYxe8lgUe+yTfsHyqu+f24Tkq266yqs5ChchCk2 F0WVUvKTtRbaCXzhI9UFdsQxpjPSajldvvXDL8MpYqssRyW0eJ3CC0I4RZLJ wE3uGl62Owcrc2bVmBCH31BD1wIIQGvfQt00SmOCEjusjuZ9n+uSGvqbN3DE SjrPpRhJ5DYWss4oyn0vpMJopSgWczDzkkDTkaU1YZDGunxauqDJRUeXBnQ9 RtwWMd0oo+rfcdl6W9cRYKXHuOxI2VI4499rn0Slricej+2p2FSF9NDmy1ba vB6YjuNswEQroqIuriQm29I9QVDPU2VH/CJzopZ8aqZMccQXpuqtsRIiMHTJ EGHOMBQvJjDFAnRcharEVcDxv9fP+A2jJMwKsAwpDCIFMYsdbVriGBnIjJx0 IVW1zqKOd8vDta5ew65QGx5W0JnAiX1O/KaB+jyoDBLHx1Z2JTy9XR/TMbJJ +VIkdSTCHYPYjkYkH8sMhjAhreIerJEIs+7WjqcitgEiWAScrVG/7Bk7ljdq Z8ZFHUhRXWWg1Dgp5y5imMAGcY1zKT8iuio0KqUJccahNGoDod1tREXmRjVY F55IYUkhTq0amaLZ4rSIKF9rc+c2rjW5IlJ5inQZXW3ig6kxoTWXahKqU6TH 2p+oox1i8C3jv9Gh2CTZUadujamlKc3nPMlZldcZi/5ErLHQ2jyxuj9XGmI/ 9jqJUwmPt7eDymSHhs6SlrKbZ9syRdeDnUy2fcF1NT6YKhniGaqSQ5eyVYka 6RA1wqblFFWncE8lbDaqA910DN+FMqVATGEPkfVDStAOqYuAu15rPRKjCocM m/OnQzZTgWrBbLs2j+5fJyVZLjlNUpCkqRCDV7ylfFIBI0VyAwcpajOFzYlx MobormHLeMADZyQtCrG27RmnnMprWzTluyu2xIaD15Hn6rF0f8bCBJaRP8nO bubUkrcm42lsPETW6rYHXo/ASq6cW9+AelAq9mJVl9hY38XE9BhnlFREw4VK MB5aj6g9XmHEKxgFPxi9I1yUshIJUN0b3kCKo1/jDvDnJUjUZ2Z5F2Z5lDlj g/OsW1Y32vPdqrhZGKndpmppjA+3xlYEYqlbK8kp9xPqVH8sW7Obf8a1xTqm SzicXEt4AoYvuX6XFyBhIndsn0O8oCGFCF1vyMCEfixSQUw6dD3QwhlH9GZi ILrG4+ruO81tnXjMlnVHNdUIUw+iTfM0cDTUuRBr4Jc7KXdDdgCqZKzrYTMm 
OzEKbJapuV7Y/LIrau/Q82hKI1MlubYLLwCeLY3sLHykrDk5lziQVod+ZAu2 gfKEujQ/G50/A0i4jK6NGqA0bOkXA5JEU5qyxhz0b4BsdG22vu+GbShrietA ZKJD1X0mutyGdkJrA0at/Qb2K5Dydqwcr7fk/4BV7KvjhEIWhfOipXHPQo0T DgPYq6QskDQMFkScquoMbrT3NDdXnc4GExNr95rlxw+mKhX3U1SqUuCk8Cqc SC08LugpnUaDamUrX7CSEFRThsb4vckLBbfCaTQQWn/kNmSN09EVLynD9z/O 26edNCkX7XJVtJNik5poQu7XMp5I9LpE/hY8WVZmUbYyxYGVnmCbYXluHWvw MmVKyq4Fp1fP/fO5+9NXCg1BAW5XmFIPtoS5RFo6QYhI3Tfe4JxtxkkZLr/t NCgsurCOtwYvf5Ys5YjNTmZitcSAqah/yYh0VsmUrTaJ4ete3m0T0Z11Tzoy RlVHr7Q3d6VdZMtIAiSgxqm3jqEUnvoq1jXCQmd/BCwrSJSZYsgZD69c5dCU 32JSY6wjfqkdV8RWXt8A7BCGQ3xvJDDps/GMXy+IQmLn8ZtDxXM88Cg9gA9v Dp3eY2nhR6VbwJI3yIY2e9EpvvdDGeb78O4A5O+y0o9hpYZ7uvkGizLXyKcs S6pE9c0xYkO3GQQBy1UsKpUKdU1emb3aydkJWBam64YgNceJgqSPO8BhKBgJ BKtOcCb5BQQZU91Rcb2m2ltILSUnwdrCOenEaJiuW5zNDtVcKZS+Ss7CNT3g Hyqkx4RY0wiuXIGV9SQs5m1ShlTHpqrfNBfkkBZqTnETCYw5NOShoVYZckZW +qgcslNtBAmuxh9dqYx5skghVD1rxWq8x/Xmd/SCmwhyfhocaJMq2zmoHdwL b3ws4Eb5lXTDDqh5/CFM6oaj2f6P6I4qkhWa67iK8zwxCVrE7TYFORZbik1B pGNJvqVDT0xlATpzqQdNQp6U5zCBCsf+i1x5Jy2Wpl4DGQREMtBnJ4vFa4QF 7g2zUzpznFS3QntjFxx0gRAmhrdxazvofAh92E4us9ptfKwwN4iNEIL07vqd iv2oDQdXB3w+rQDg3lJcCs3w+UPdgLjl5mHcEnS4cFrffRw+1AbQt6/haRgd FFZWy1k+s6RdbrnFHrLOA2oohq1Y6KOsKI2NjPzqoWlC6dYgAnHXxuoQPfWR nNSeSqhFcAxiQMmCP4eotGk6M80BmgdXn9k8gt1b79aAATlgsu1SdShQQxuS 6aYsriHiA23HKKCDN4gmvHz3sTf7+lVF+v1a3pdWMATr/DvjhoyaEG2d+VOr YEC1zLWp+Uynv9w/FwtXW2fE1Dtn65RP08YMsJ51YyArNpPGhFo2G9rYFh3G 2VbM2JVIAzM6GtVCEJKvdxhQbYa3IWwSSiU941oKi8djdMbdkUYxW0qPI3io 8p6LmPz9AZzdAaKdmLgXYlbG0graQHwopUk23CPKEikn+CaVXjPs8dRV8kx9 Jv2zknCiwifVbu65Ye6eVq1T8sTshpJSwuV/nUgzZHXU+IGiEym0y2lZYhQ4 R+qzmUTucbvix/09BhX2emOUbHkNohUUbEWAcyUjpOnSVgUxV9bzxWVnTEbi yjtUl5uiVRyKgTn6Rt9wCpWTDdVn13hTWow4PGWIfRVAW3JM8uJBwpSsz2mM Vd6d2CpQOZp6Yxj1lm4c+VUFegqUxJZxTDpWehuL4VaxR3zyl1yG1x22KaOI zbpY0/T6yLQfyH2AZcqGX/imieKpSrfrMacX7zs8bcL0+//BhjifY41+LnlG 2R51VhTDJynpkMtySylmdtnLAXhQ9zpakNGEH7mkfp9PKbuAz+OzdfCSiQEb NRrvxApNNe9Kv3WsG9FJLYGIbJ4fvzuut39IgbTWqCWS30S3q6d0E8Pr0FKM 
4Uw0GojeKTqfqdH8r/nYkIeds4iSgjRpvj591fQ19wl1vqeIbj5eO3pgGw6y ETUMltiOlIWSZ685P1j6moFQq6zu+0xXZUICC6idG0NsGFy6AVs66DxmpRqr C/8LquS9PlxyEnkrO5P02TKBo4bLIdH7z5qA8Ezv5Y4zW7UMR8MgpZSSHZZa Ksd3obHNi3Lm4BT0MuFFcIajIhS3WZsSQiWWURVsLNMxhsbnYYi5tIf9PhiP RoMRklrZFh0ste3lQm9maDunkVGsfvdrhAC/4OYjuQ9IZi0/5AQ7akQOG4y+ 1Xq13ngAv/2DbQwprXUNfHDQ7c1TxnSYXxMs3hVPG8XJB2saBjWmI5D25lm2 SqhjjKkbmGrR0gRyGqcLiadPKunza9tw+ciI5d6gqUFGNAakJHGSirIpC+oH wlEHrCsma9MuWF+gCg1wL4z/05MujM0+UDZy5/+fl+X01SOXZcm/S4c3p+95 IDE99dbrv/R5xovqedaJtz3Q6m+PnqhfOSupNBp3PMyx02j8SVRSPe3cg8fO Xf3i546beOTgH6AcDqFwTxXf2jzwltgWG997gBxvmuSRxlF+Sazzuo4T2gXH kXGYUOyJNTtRIzISFFbpDfd0AzXiRv0m+6//BbLx6jbZtNRvgHS2PyzTVbrd ovVtjagF35+GMG3wMtn8GWNPWkr/BV/t8jgDiTaBL/PdJgtersINfCxb6lUO 4wenCYgWLXVZoj9kE7wK8xwEe/giysoyeLXagdSUt9QZiOh5HLwOd9GN/vF1 tgJgzxP85scEdPTgN2GUzWG0l6D6Bj+GcFluUngXN/Rjuir/CjvYrdIQXR7w Z7bcBG/DsuQ9nCxzuFsZSn/BB/iW9gXqFCzqIk22CazpItwuw2QVXGRzEBFb 6i3oQ/y5wHXk1/YrWiF8RAvoBvAiW9MklyUF9AG6xwms5iIFbeH34XJ+xyXT WNmnNtPpfFea/pBJcPLq4gcuVJ2stlhmfQE64BwdaFyyAOVMDD7lPuixLxbD bWu32wE+jkjwETs6/Y78boAAZ2J5Fnsvemut+oVPsodOCI3WFBxnOQXkam3Q qm22+C0jINzzXoe7gF3vcm00dpqBb3wuri2WR4HfIZ54Mtq/sC82h3VyDKf0 gQkCb10u5Tq4AsaKpiZ4E0iy/IXXBP/Uiv5qhWNoL4PRr6VjhPHauWsUzQUh mYN8EfyEXcJED/qJg9SIQl22ggtql3lmE6X2T0GD+P0OdeKx24yj5HDuq4Pi 5ic08f10CFTWz7ZOb9Y/HV5hMd+AjtvkLzsvUZ8DTPEt2b6OGdOm/TEn/otq h8NcwXtrmOdSP/GBjw5mxCEPjTWv8hQJe/gQTUkremV9q3OdSiyl/VmA1emg lDtlmQL30C4yE3XWUf2OaUVsNC8bk2TYFY3G4kDRgF64KLIm8hPStoH2U/EX 65g5qSrADhldzxbdt4QGKbGD+ioAG+8+6ZLfTk9ymkhm0ClDOJCQAidk2hNc 7u8t42/LaJwLqmWfgkexLcZ1MKOzILwRaP75RKzuSjeu0J3TTUmfQcd1krqE AsXsRfrFs9foKLrUi+lBWoJLsmmQlZhGqbkI0pDJ5NC+B710k1MFEDjoH1oc d5YkUhObgv2gSRzf96Exi3fhzvULPKD43m+9u6ttCb/hcqnnfMvBM0uW6A3s K9JRw472xPrwu5R2kAL1WO/eje4QMYPWxvATYGrA2Cb2plDKzkD9QRBa+OF4 NRBaZNAo29Kytc6wfiN7tyFupvuiWAV1G0OPw5gb7ZjRgalfvn+nbc3w7/09 8i9hX9qjxjlaP/VHo96sRVkQ7cvXx/3R+ND71CJbUq8/RXuSDnsq0C1e7rDi kOFG5LNFSnQUdBUzjaNg0FfMNY6CnhKugX8iEzoKhovxcDzqd8eLcQL/7fW7 
w8mkPx6NB+PZuIffjUbwOVFAjM+OAvhzOu5242F3sIiS4aA3GvfCZDGaDpKk N+4NRv1JtFiAsBz1BsPBoj+b9vrJeDzpjuPFoD8Yqu3N2RrWNFnE4WA0nszj eTzuT5PpdDyeRoNoGk+S2STuxb3+aDAfx8MkhP8Mo96ou5gMe4vefDGEWVVB w4z60TCcjKbhtNuP4ul8NhgnUZKEgx481J/MpvFoHi76OGZ/MIqj7nQYznvz WbQI+4vJYIybujgKxvF8BsvrhmF3EsfDfpKMkmlv2gsX8MNkkowG08Uo6S2S aBp2x/3+YDEYLCbd3iAZ9UfdwQQ2dYGbmg2n0SLphrD8eD6ejeLJtJuMZt3J pAcfwnE0Go+643m3Pxn0Z5MZrKXbn0ew+GlvFA1j2BQOM4RDiEajbn8MIJ6G McB2MoLlLeAgwjAaDXoxHMKoO+vC/KNwtoD19HvxdDQYJtMwmiqyivzjEHZ5 xpGCfSW9aTRbdPtDPPjJbBYmg9kgmiTTBfwbJbO435tOJwC6fn8y7/amk6g7 TCZxPwl7C3Kh1rgGoGl3Agje60WzeDaNuvDKYAH4NRtF8aAPWNaNp4PhJB6O khiQaDaZzxVApLsAUMbhZNiP4ZX5GFAuTgaw13kXQDwP+1P4qx8B5IfDsN+F w1sAPAbdEWBBf9xDZIdTC/Hx4XCmtFmq118sFrPebNZLZoP5cApjTmADIZzm CDEZ0GceT8NwPOxPZ9FgMp0OJ714Fs4m8OZgNsE9wvnBCcH5xMNePB4tuoM4 Gk4X4/l0ACvqjuZdZUkyYPA4ns4AScIoCsNFFwCxWAznk1hVWNeRGo4Wi17U T/r9LixnOukhUuGIs348gh3Okx7Aju4jbHGYAM7CduIhnPYsGSymHM/xXMrE CQcs6NsKd0HisQVwDJEM9CajyXAyA9IwA6wFgE76+M142o+8T3Av7NMK+Ai8 PxgvJqNxgsc06KrHdhzBlIvZYDoaTedwdfoL2MgAgD4fzpN+OB8upsPBoAev dfuLCDAhnMNdCEf9EBCuNwVch7sAY0/UpAu3YACYMU/C6STpDaJRrx+q+jZ7 v/w2e49sM6JtCk0KI7hDk6Q/6S6G4zncktlkNAdqE3VniynsZDSPI7jWo+Fo GvWHM7ze4ySc90c9uCYq7kb9fjgCzIrCIS5zPJhPhw3b7P/y2+w/ss0FbXMI BHgB4nE86yNlSuKoP+0l01EIiDwHDE0GvWgSR0A3w14E9zTpTQbRHAhCbzyc 9UbTaTwbq7A3C+NhOJ4ORr0prDqOot6027DN4S+/zeEj25zRNoFAzwEk82g8 CUez2XAOJwJKVTjtDWLgokDhJ/M+HNGwO43iGJgl3OHFdNqdjwe9fm8UwmlH qtvt4QjwJ8xAJ9wfjuOm0xyN/gnnOQA0e3iz0z5tFujOCLlibzIbD7ujKfwn HIS93mI+A1o+G/bCUYzzAPfphePZYBRNu6OoD7x0ALxyNF8A9VVxkgAzHYZD uAIDYEhA/oFtNm52/M/Z7PjBzYZCjmawj9m0C1yiP+/Op9NZbx7GwFnG8WQW RXAvZ8B9+nG/P5qPhlG3GwGDgas6imHLgy5Q3TmI4sAegAcCcofzcDgdhP14 ATzbJcdaXiZzIpPkqrB6pN6QJKdl608kjx4pIJeDRdKfgzwGMuQoHE0GC2CO 8DVsdgLnk/RG8SwBsWUI3AyEkcUQxLoYOSwcR5Ko+kzAk/dMBrd40YWdjuGa Trp9QIAZiA8gO42SwQBOdjrpR4vJGMQNWATc4RBuKsg9M5A9EANGTZPBaLBm 4NMDlEAn+Gk6Ge5ZQDIDyaM7HvWAlQ6mA8C9HkAYpRpY0ChMgIqCFDqYTQHx ZsB++9EYBJokmoSL0XAGxFkDnZTyh8Tn3j9JfJ6CKBYBRYelLgaw1tk87g9g 
E0AhkL1PQMIb4M3vAhOP54uwB6rBaDxF5OoNunMRn0HEhAPsxjO4dUAm4VjH s+58Mlz0+iCxRPGiF08mIEKNu8A6kwiwAgAQDuewOLhqvbmIz8PxAC4WSJCL OSD4vDeJ58m4OxzOZ0Cze3C0w3g2Wsy6w16ULLogR4BA2x/C3e3PxyDyT0V8 BurcncGCFqPJaJEshn0QeUcxsOzBbByBJD7rDXsw1WI8my6mCcjUE7hsi3Cx mM5gE7OpiM+zRQJMcRoBEwDWN4b5+lEE0O0D7e8C1gIch2OYCaACUnEyAbUj GU1n40m/C2c+Hov4HIEo1O0l8yHc3WQcjXFVk/+bvXdJkuxmsjTndxW5gRaB 4o1xbSBFagV4Sg1KpHpau+/vXLMIZpBm3R10D48YFJM/k/Qwv3YBKFTPAVSP FjarBfgB8+m6YRjFugvghGWN0DsGo01zu7Ou/1tXd6wBLgyrbhZKdizE6clA wKCtBpIsbO3MN4HCoAoBD0RQA7qkztvLVz6yw4QG88aum0whxiJjaA9T4d9u A4kL36Sf2gO5f3xxf0Tu+MXcwO0s0Nlgi0LYSc4awSbjj3KGqjCMGLBF6I+r 8JVIRNv8Ws1zvUPutgv8ap5szS18b8WaiAOENx6y4GFphXZweRsasKfta7VR sHUAvW8LMvF5yD0UX2FT/GocOIbhAI64CvximeAOw3yWYAUOvRcmHZsnMM3R IpMHfHogdxPpWqPjk3boG++JUwKhEB14QZ9/QO4NOJIDJtCN0ch2sHMM4J/I PSwsiKAw8FUTGMeMzMC2qlgiMWHACPNuRPxh1nEHLKI/LoaOfy5Q6T8Fub8d sUIlVJi9xg7mFyvQ9GBROC4inY3JokPMFYZakYfYLTENgjwnnj2IWQMOOK4G 94Wt5GonzjNDXKPur0bub4YZn5D2hGFtYG4Mh2ga8FhFbn/qVAREo0VjT+DD Roai4e3wEy1Wdi8+iXHmKwTcaWpYu2cbe8j0rOMl/PmFyP3NMMs9TJ/K7Dhb CG4QBzF2aQS3rwRLh1ztwEZhm3fiLeEgDMIW/4uLYLwIFGdu4CKucbKYhY0J De0L657ti5H7m2Hag4dB3wuIbC6WpwK9p4B8HY2IuwoeM29XwmCpIrgn7Rxx mzjO2rfHF7XJ/Fx4EwhcWvXg94mUYZ1h87cg99eD7f1BUxIMGs9ILGFzshEL 7j7hWPG7mdAILk24aTzSXMIg4mhjRvxn9wWYMnj4VXLu63THEPHlVojSofnf gtxfDjY+3dGEaYhAAeUbbtbDGtveANV+n9kRHfIBydpKNbbdJvxUNBUrnoJc pYAkoZ55RMJ+xcI3wRcwgy18EnJf4D2CD1iQzR8NTJ0yACyDng6x3TeQDSTZ mAWQH1HB8+rrVDwm0fnkn0LuuWOpxM/FHOOBgRRjHx1q+Qoyq5VVBx+vHvBQ BlVZQl6gegLkBvB8HLlX4F4iHKcuAABIwrRKjwb+YZCAZDj+jDApc9goVuEr QXdGGaIzQMh35H4Xz/y/QXf/a6A7MI4t7p1jO5zhHQRvOCAki8eChEUo24yB B+jUGXCxPaGuGPQXn3HKE7pDjYa4F/jTQDjM8cqlWnRzwUKBrYUgmQ00zpTN U4VwN0wTimMeOPCE7pDUGD2uN54B+QF2sRdKwtPikAswunYwGP/aRnA8AjcH OJuJ35s6SHlCd7BkhHD0CMCvS4fBYCfGnsG+pSlgJ2wyHuwC+9nyCz2XuY0V wtHPJ3QHf3t2oGe40wPACAzypiHB/5lhB7Wug3dcx9fMjIDncwbkNRAgsXQ/ oTtBRk8/NcDaZm911Y3rsZOJMyMNcCmhdOEEIhgbUB4xZmhFqkcw/V6p/45j wIJ4PSAVoxa6g6c6l2fZOnfv2lYwdZ6E75qCmstX6M84J1TxGgb133mbih0W 
VxUAoZYTr4kHiZt47XIPrYwAgU5F5zbExnlSwCM6PlqC4XREsvQYIF8X/TG+ a4vXldoTngxvZqAA1qS4ggeKQr/GDiwQIVB+AXrmttaDFHzcbH4kBZ7FHlEo ra0JHGeexgmnsyWYEFd3ZOMz6RMohotwNZfCPE8wDvi1l3ekwP9Bx/kJ9ucD W5OXOXj0ctgfNWCFxIreC4u3gyOORbwtv8zX4phYqJrYF6s/SAHg3M/hcU4L n9VhZwXPxaKz7/BfP5ICvBsTHqe16MVRWV9I13L/JAUbz+5aABfb1DUKnBQ8 WbVFGDSWB4mG87J/GJSsxvEsGxnaUgHa9qeQgrcjviHHWSLxbUUdZtQGWi6+ Y+7Rn5AD8Rjma/zfXGyYeVh+P/gdnNt2WVt82aUzB3haFG1mAqojDMMVvpYU vBnmA0biK0OGIGJwpuMJImlpu54K1NLdkAwIiF8xN5wktoqpsQG8T3xZ49EJ FxiWjkcLO/7B1j17b788AP6FpODNMB9Hv0Z0Lji6BVARqWc9dyTwlMpg01pw 7nViXbOfVtzC8RM8Dvu2EwoGy8zWujoLvDuWnh37vgIuAkjji0nBm2E+KN7q G64GtmQXnpbDLGOCltwJbd2nqAPgVvmjnWraPDyzQSPenfVrhAvWrV/HdGbj 8cUxLNvOAgjn9Qn3ryYFrwfrz5MUrBQWDk9nfeCFRuQK5mzrNCVWqOtRKCVu Q2N7LAQDdw7Y1GOrWOrau12+6FBqEz2gjDoyISCf30MKXg72PN0RXqd7opfb oIwJwa0AumHg69HjEEQGh+oEOw42MDv2lAEjaHxkEkccpPdcdVkRsiOsYRpt Ez2DfRYp8BXI4Wp1BjlzkyDOWxHxgKYEwNTBDAvQdIiz7fDGrUFIdjI4W/Hw 9J87zodOTCe8XRux3iqRJcChmk6hwaxDuROTWYfm1Q5NMt0wsMN7Pr7Nl3cH P0UKUmdfWLXQB04ieT+7UM2GjvbT+SG4miGG2BexQNcoQQg2C1LzofgjKfj/ OtIPv4YXQFGCjkDhK94BmI7htiEyhC0A2wArWTYY1ejE+ki4j/elNY9Sqkz9 lhGDnVerC5oXNGKFzQR6gZcFeBI2CxvqYeOPGvHPHfYqk2O2R433vfKDFxgO qvoO/CsjGy/GjoSqtMEqeCW5QE2gYT4r2oKOeeEhUO34SlfyN14QB3gEfBqG J0BVYDiRubiRGMjGSCEJvHqpBOLA1wPY48qdX4Fb4hHcN16wDEQ7lwee7lj5 A2sBVNPGiuwwHTuwknzNxpfwFyB3tghbh4iw3t+P9AewvSVdNymFJk9wIrQZ auxWWGyO+1wfZqAkm0WUBT6sOnih2PED4ckLMvykLIA6v7L4WJ8p8o92cOCH KVlRK8UucrDfxB8enpF0d6fLaoLUgxcQwKAsAG2oxbJ+HEGwsW18twlMAf9H ARW+OOEJ8YUt4NLgOXoukPPJC860WTFpSEfAVQ1iCmttOjljM4MxJzxzYeuQ L5GXwuRDCzCSwT488bffU3zcYv+WYdSgMrW4LsC/5PGghoJ7g69JIows6CHQ ZFbaHOwuDaVlEZ7YUeUtJQl/0D1FAlCIekZzoPjcDCfR8XSwEeJwm1iaiV/4 3nfDlDz7OHloYuYV9vx2TwFkwmsx4+yrXsaeYE48Fp4Ittz6j/cUja0ga+br qpjmIcQQr/9JSdhITFRiSwyi22kzWyISwo4M5s2UFwzpRkS5QxqxNJgh1sSS s2NhQn8IJXk74vvIt8YJijvsEVvQLbOYiORQlLMzaJag23V+3R0YgDdYcQYM w0FPIN6YsWcH4zHhIGAJ54y3JuClEPZX31O8HuYT6iw8rVNCUMW1xaMrcomP QaXgsnlBgHErlQ/glHHEvTNO8BAYdjpi7GYerpNK19lQ6qMtKG+JIa1XB/i/ 
9J7i9TDDPUw3FXdDTgfaxb52DY45HIPjbQEQCrkJ5zxw6AFT9R1ohd/KOO+k hwF7r7TZNlCUyjTVw8Imwt6rRKpfek/xepiP02ynEc0VOs4F+lEWMD3X4IZB nKGVxOFeBTD4qj1GLo2wS2BSRmjr8Qx8y3X63vwEz4XvYt788oTQ33NP8XKw bj8oSck4ZCAUW4+wt+4Tr4S3B/sp1aTIhU9Iy51ioIvqia9tgiWbzzjc5bhs juUaQUQ8bTTC1oBl/557ileDnU93REgGnHWo4vYgGLg1IaMpd1j3wI79mlqy VAdGzLezO6vyNdrhv7ZbwOtTLkBIgpsWfBjg3VZ3vp7PoiQOFiQcQMyGCVVl 0oDS8+JHJaaiRTkAtO4DgCODJmPEhRSdjwbHZ36KkiS/RdgYCXuah+9FNMUd Mf7IZm5Tt8uBUc41YBkbv7XY0dCYrINr92FK0oMuH3RC48DIY/e4JsYHAgBe KX+ABWPXejZbCD13swT7BWKw5/iC7/cU//9T+//b/+j87d1//q//+b8NAPFJ +f3h37EZgkFvAzevtOUCM0s6sYur4/xH0o8BsziXAmrC2TKdgOyihOTQ2W7f EpSwyO7AhuxNvo+PBEKLge/NKj/IB7yzlDOXlbrfdg/htIRTGwf0G/u3W464 oaHscfbkDIRjW49EV3z3yDXu03waVblfbDuoDBFrgU+mzqIg6E82Y31iIxDN o9Q71Sg05VWA9kHnoySCA9ByTg9VWyw1a+1XryGl6CE858lmQOduK3cenjzt QNM7cydo3nV4nGYAuDdQ4JKZAJ9mZc6gXTO1nH1/shnYa1GK+T4Em2PC40c8 BUALW9MFclCuVFp39kOoq5cECpygciDqGQ/0/fEZ/hF9O4wdPqdkL/jhbfnS wch4tYbdB5isMG/n1cETPgJtMSuwbcALtfcXAo5ZW/gF5mQLdcPhVDmB/cHx C2+b6r1+OcMMoD7xik5pFMFlKOMkTA+2fSpWexZ/qkx4SAycX55BhRapgVqY MXBwqrvrzqsCpIkB8vyM+C/0PfAbhA+A3k1SfAjwggh7yQalcwQXvBeBZiie djBd0J3fBgF7UbgH+u6QiCiava1goMxJKmmEk07qVQSM99Uht5xNEm7kvXtW tjPkYjb7Mf9/RiK4Jcf4BdYq2CNB6f6Jzvvt4BZvG5WwKkaZa5dPwzDgwbP6 CHxJujmO8HBY4i6dXeubt+b9n4LO3474DodTt/O4dJDL9AODhGrNo4PGsRR8 RIXPDkeFAtugyzC4UydEHeq0BiNtF/zETxXw1ACIWDYSUL1+df7/62E+IE4e SvKHp0fedyZYNEabWtw2VaCkBJSjoiDl1yqxwdLYznkAzRD53zUxHsyzzNkg o1heaxD+ieF/df7/62GuZ664xTwAJi1N3nQStkE5CyphbHRdpns2kyJQw2zn xh0SWotBPobucEcEJTlYy8wn1hm87hqAsTW/uv75pfn/r4c5HquJG8GZ9O6b KRNzJ0ji0iEmP8Q4D+zZ60DHCJFtO5CLN10n8iHzSrxN4YoNmKMERjgJCItN oFTm35P//3Kw9UEs8cOj6SYkQPl1dtbZp5kYYCvkLiYMMgQ+wSlrqDh1HRsU 3aHqMLRWh7VeeQR87uq44zx92IQkTOT35P+/Gmx6uqPSY7fAihxQOtFXg3CH wOxx7SXBS1gjXcHzd9qJL8D5e6FHgocrmWWel5sRtz2LryvvBWSCmabxSeic SH1nEIrTEew3IdFOn+0+KIw2Mr4To4T91q7IVyYr0HCjvDf/93P5/xX8BT9m 8pMKG5MzqPapfphyqqPyKoCMBt3G1n1UGRaBCkOoDnaa2ydcGEzYkceogFcM OojiwXDb6jGETThU9iWOf0CHGSdoah6VSTVfw2aXfVr+/7+E10FbobPN2xk+ 
n4F3ZySeqF0arJD/wVfrjgF0h5Ez2YDNPVUkxsd2+JZE5PkmIgdMSKM803QC nFWJeDBEYoJM1fBEETS6PbRsJ3AC+DSk4eITXjuQFJCYKHNK70qzEmUDewWP zUYd1Q4QBu6YOd1jhr1OqpA+fFUO3p7wGqKE0W9dt/kWDYZa+ZJ2J4+fziA8 SCXpnfnIYgst8JsH4cHKwZjj22WB6jnwlzyueA+li7ooBmj5A50dgLM5Xcie ZbdSAQgFNGmqhtwFtOif8FonBozceeXliLnZEhqGhS/eTZsX28/D1cmQ7/Pb 4FSayybnsTiM332u/vHF/RHZR7AD1qWDk1LaYmKEVnMFcKTFsPFv/JYughMs ZRGDQf17yjskt98je8sVR4djy7PjXTDazaRMh6/UGjgYDVgf2w2iN9uAPqGo UjkssXWVTn0astcpbFQqZeSxqqlROrabe4MceRuCEdZkDboCVLcKl/J30kbW u8HmHshehe3+rOECxBeGO2smRG3As87ZmHdeHKuG/hhmM9m+Ohgt3sF9YZjt B2QPxtkO35AyS5wGX1bxwrv8E9krw9hBPAGxuplrzheljsjWVS048exlay22 Sj6VkIaDF5tVehcu8U9B9m9HfB9IdyvlME1YuymJ5IBfDxxynEoYnQuiOiwT x3AezG1OnTiK5WL/q+AvcAGX40UtQhE8W5qFa9nVc74Y2b8ZZn4cXs4w++hb h5BhEwRXXTXHaUYkFuJVHT//2psu24l8yizHV7K3gUIlAw+Yr7qlFkBQOy0q a61AiV8RmF+J7N8M83EgbcBVWCicK47Vd5ML6pCSAS/DJmdruOUBYKpeR/At dQAJsXBZUz3g8CztFTqmsPGEoY8iQNWy+P/XIvs3w3xcL+DVy5iO0IFVhnn8 PpjsrkuFlSHyvKMTmRALGAAW6oT6cRHRdFhdZ3IjXxUnHng+0F9VSGbs7hV+ C7J/PVirj5qPCNpwBbwRCfWtp6YaxELgZf9tMBdOuUgpIuhnPTI5xtMPFJtX qgDpWq4FQVcNTEneIAE4dR8JIb8D2b8crH+6o5ly6Uq9PI5fVxnLAprjUJUc 4QkEWzXnO40Wa1z9DJWT4e0PgIkoOVhtBzX1BP8VVPJC/Lxr+a1+ErIHVUwb h0iftZ1K7lsyATkXw7fAoo4n5kdTtmAZLF7ZERSjVMsggP9zqUBFGcxBtw85 Kdcps3LBtxTB0x2EuAd4gViuyOQVgzp7lTdsUZX89vFzdwxHNXcWQQiMd5wF 4PROP+mj4u1n1wFHZ+EbDJOpCN2nw+B7AXx8Yn3Avz05DzqN7T0RlrA33Pr0 UclSWyVhoJp4H3fW0HAFqRXVE4FVVFDVWp7uCe1PySXOWSc7j4exf4TIwhpd 1ZvBIkxUqQxlEUGB0yCRDEDFUGos2+0ntJ93Kd22fpRCACZnmhpYq3lcLUtX 7J7PpYvgMifhpesw3xamTxwO35RxYg0Aw71z7B2OsFKZGTcYdQ/DqzZYMyZR Pb/slMQ14bb7ACxtsiu/1wewbFWH6znM4eHMpea9m8hGrCAfA1oTEHGkA4js YlhhO5P+xYCVxPiE9oRW73vm2avb0NYUyNyTXdtWGDo+qVBvUCDz1pjbLRCZ IFYDPAUof9YHEIgbW73gxXSKcQp+DMBI2IavQNU7nsJywBvq2om3xM0vqe8w 2+vkZx4QnoP4vJXQAYDRCiurf0uHRymHLEYq2pNbNKexbfOYQ1lMYTIX/lt9 gDCem0Mpk6p8ADgD+5b8qSQzZi+YPkTtEHOa+cUqj6yMqQT3UQHBgzR83Gx+ JA3LKxNPMY1VVWIn1MmYLgPVjGNnQypmV4FLH6f3yVe63k9eEULER97WB/xB 1wEQUK8MyF6VU+QIdzvjxDdkAT8o8os9g110D+QWrkf3RI74Bjbjg/VbfQAO 
GcoJmahOgQNMVDosubPmKygtbSiINchwU5EaMzqjFDDi0MB/IA1LOdNFpWFZ 1KnDw8cp9UX9wFBdVhiq51IO5QSh1GTOhTKPdlAEg9jxpyl1o/YRcQNxqZLA J6ap/Cmk4e2I72SdYXeQWfE4k5bPZFyArKXn+FxUlrjnaYsdRPBdcO/MgOuG +7k2btByEbT581KCkhCZpZ1trK8mDW+G+UgCCDxkMuaC3zhSTsFnWBb+mnlO NvBOXlgM1AxF4HsZadTheU74VfYffus6WBfOHbe1iTvmVIz0+gD5F5KGN8N8 1A8EfnFvOPXy3d01mF1acgH2vMDYbAsI9ewTj4j/a7aUboWxKlurNYJ9AUmy r4WFYMVTxWUENu2xLyYNb4b5qB9IDpucU/VwY4ek875qRCp5qxFVUnlKgTAB o6uOsnDqbQv0YJi9ZwI3rkWHDkfpqTsHR4DFcJmo30IaXg/2eUIuRC0woxzI sJqqhqGuCj0tFN+UqwqnVc0w/1V0rxx1I140SRL2suD3ZRClrAx3uD47gfA3 iKO/hTS8HGx+uqPA+8bNoo1BmCY4HjbccqyZSdyBvctwCDi6GPFKjJ1wQ9eV lNaHxEuI0pflCm5ReatsvzAJuLj+Wck65a5iO6u2wU4pB+iJ5TiN0QGYfdgZ R7FUIxrX3FVJ0IIambALaPg50lBFp/hnrgQWFg3SpOzwqJugGFJTsjY2P/zB 7RKYlixkMw9BKV31w6QBJBGUEr5ArXsp++O0vquDkKjaJsPUa4Kq4S6bbzqC Kbmq4kqpEBI/+tT6gX/JG0BAmVWoU4nBcIEUOkFapdkNYMLglRFWNXeAbFO2 VQLkbGA0ZHx8rx9QCgt818GRYIsAktp08kLUS6rQB/Vh70QUcHtJt2CPUhbM imZjOv9NURMIRBjd1Q/WlV3Mqw44fMKceQ94H/tGUiWKSdBAcf3gdEZJuIn2 LeOG/e/iWsKMWHuEIACSwLwlgWhxBcGZCjyOYgErklQiOwMUINyZ9fHJG3q6 Ezqh6QkgZlsX+73pEir5BJkAVI3au2H1gJ2WVKyaPciPN4/AoW9XAkMG6avX td3g3UDYp8sX4ZF4lex19VDH5mlAKgJv1kUtPNcxajefvAE2uraprg2Yr7p8 3eEo59+5Aar3IBK3HEFfLwB6HHUpog+9VF9tPXlDYMup/mFlbcUD9XYqL1tZ eebgyg6sOYomkluSyIEfum5gv7paoDZP3qAjARzngL/x24DerRKKCkkpDKWp UIjXX8oJKpI5krDecoHQqowRq7/9nuPjFvsjZanK4XKiNsUAQMZ+SdAc6G6G TcFL4WRZhym3/Ioihq4lwRSwv7Pz+/qBP+iewwN6nTgK4SzofC0rBX3JBjAj XB+UdU6dbMFC2yEIHglfENPASz61p0Jpm8zKKpA8L1a7AWS4WiahN8idX8pu gvVOyLkfypo7W6fVOq5X4c2PJc+qPWstSOzFhvYjVDO7/uKeQ2hWvF01XTDA sHmjFrxXeRD8d0XJzMjT6bDpjDhZsrqUhpldHn+MDtLbEd+SgbBvPEFjW58p 49/YTIx3LdbyIXrC7Qqs4MzsrcCmxK3hyiQIJJ2ywlRjytDrvbaThtKWsOQC ZH11yfPrYT5yXhIw1UkpZuzS+VJViIJ0obn3sYoQUV5JRxkFj6ZKqbJG2XER 52Lrsqh0lTStVvaGrrYlBnnqfllG8UtLnl8P83EmnlQielTVCsLNfbcgfbwu UUsnLYszElgKsC9Kc3yuRz696EZPwBdivkAIFjNGTNRR5VGCsAOVvlrB9M0w H/loKsLGExKUkwRZCcVL2s1szTlFSGrE41SAgUSHreEQ41alE8QzgHEdnnFd bNzBb8N2wJaV2Aeesd+jYPp6sM9iiiilGdUCjqas7k1AO0KMDDeNwmbzbboO 
eCP6sV894Bh2MmdQep3K3QOLx3aNKoRfK0nBFrQLfHiVlfYFJc+vBlu+uaOh km08LHwSG20g9DL0bakcluuErtxLfRM/Afz57J0YXRhnrdZ2q6ViwP20HY1A AUIVFlHd4idRFuV/SX1RpUYEzA6ahywWVWU6F+ctnSapre0gM5pv6y4mFYjM AcdeP0VZpE+HjXeJ1q6Kc+XRRSonOm6W5ELIYFaCblvRy6+5mKOXOjyLsMLL Yoafoizskb5dzr1X5dQvVQ/Av1x0p6wHBHRKN2iswga1VuyUkL6kggljiX+r L/jP/+uuIfhFnQMsf2adtO582TQHGAsfI6ARMYDUB4NXljUOaAWozdZBQE5H qZQQ1gpi21WO6il9CsaCTKg4UekrToeekWdAlgAWFiWXj8suSkpMzjYEHu+7 MW1YgE99tquyeZZO0WXXcZS6k8R9pLmsK22+LcwI8gf4TvDQHCrglfwoW0i5 I9/UUxsBu1ad40LhwMZQfMwU9sA08CbgmxGIaaFA3VhKO1v3wlK34ttxFs8r llxHkGM95oBr+FPzu2sTw1nSkrr/NB308qTsCJ22A9OY96ls2/St1FrZUuz/ +4TZJby0rs9aZbKUr+VTMMKTjknnlrxsDm1XXfNK10g5aUB5wndpyr1oWYU+ rBZ/XA6ucgTgT1+y2lNF+I7aB8C8VKDcPdiXV3bfVJyYOR1iSl7HejC3atGe GmvnI3W97XpTAQ9B40AKEgjg+LY2bBbr8E8V1A+vszKkP7jOPxKM6ZYwQB88 VyshagwJ4/WgFINhwHdDVm46P4BmAKx7CkW/MSp++W2JxCBaRnxbY0Gb6JZ4 HruFkVpUsiM0aCWVps69sYZrOx3X+K2CsiTZ7bqB6kfahE7CDUTxpGIUr+u8 tMDZcWZXlAofIgzJFtYJSbim2hdIN+I7wdiEwAwJCNqRSSK9BCGDfqWqVD5V NEDGmtTqVR47jwMdSBDC3cJxD4JRM/yF1Tj8UmdgKoJXDfViXoFH+wcCETcO jiVUAO1xHHn92eEq/yAQvMZqUQoUsUNb4GFwHglyqsUBSOX0BltbzD/hjtck 8Ons2Je9HcHs/CkE4u2Ib8jJUivPv+oeT/ftWSKiQVWuwQwCqLSnLWTScZsq UBFoIR6zApntqnOBqxNVhamHT+pWonqkGF6l1vxKAvFmmA9kfbCZ+/gTEuxN SZ/EYujS7E2grGK6kGEJOQfVchJfdYbU1dFi40MzsWdfsHgc2DrS/8aR3Gd9 9WWV5y8kEG+G+eBJyprQDSkfmFKj3sP5I11qF+u4JePAoWzvZge43KLzEPU0 JKK0RyKkzDkvIonkD5QCl5I0djss8VW6/K8kEG+G+aj0qII8qmmr7L42Zmud KDMjrtgyhD4VvCaGCYs4wB4L4SSVCYgxuK0DoLUusNd20e8YcXUB+tSx9VcX db+eQLwebH/k+PmujgVVJ4knJtZ09gBTBzrXVhNjtsjizlOVWTpMV72CuERB aGXEI6YwiU11Snhx4abhytY2Iew1W/rVBOLlYMfTHRmxXsXmxH725p48k9Cz U4r4FIn8EwSX62YS1Vb7JB4mQTfCa1klEhDLuaro/tbdEKFMWX65n/FZLRDS xuBuiLWBPabMgpxGKhhPr0pIuIV5cSk4il3KIJwNrVRzsbkVf45A5JsBCrME G6oRlTpy2Zn53OA76FL3ToUkTTqgSqwuvQtTsQ90OvpxAlHBUr3c8lYqx4wm OQedkWe/nIEkd48lM2JsDivZxjPh59tWHzX1f1MC8ak8ABzbs7Q3hnVBNZsl 24g1jAzICIBVPhDvfJbkFiDKKUE4NBBlYnbzdx4QQDbKq1Q978BzhFKKhPe6 BYCXkrV33WWCOvFLAKcojaMswaEq2Qd3zV4UcTKvuUzXBaqnE0KyESavBXTZ 
jS3anepci0+sTVT9HWCPv8+3KxNVd/GJA3tzsBXoqwmIq1nNiC67zhulG1lD Ns8SXMRvFp2vsGXO9y4KHkhfJF1mqiAGQhEOUnQq2UkD+tlv7gSmd+zJXXVm EZX9puw/377zAKAOVtG6ZLhNyUu9BTZdxif5fB/c8Ep1S9FZNyJ4JKHx5HFQ QOjdr9AiU6M+Z6NkEYU5F06B3SWBYtMtSJAq7NY/+Fwmdk05fokBSLHx2ccs VBZ54vxgL22D1LqUSh2sabJdJiC9xSRJakg9qFU3EL6XNGLQRYj99guKj5vY vD5sYn+Tbd2lsiXwxjZ254Xwc5G5VVY5bnCY+ByQqQIHj1R5cpwyg3QfOtjb tCw8VgFCHb8kEGxgxVaxuqDrkcKTK2vkHaZAWNfd6bgAbC5lNVcQbwr2eRSE N9dHQEO3U9t7qK/cNP00ObhvV4eoqgSDzSapuHtdEmDbiSX0zyrtpLY3EHPW U9+lgpmua6ZeASOArx8oyFApzOQZq2y/CSUdeNLGC40k8BxfH7oEEqtrakxS ggK60wmpyHUDc2PFGGCsjrgDUcEZmiQzivtj7jDejvg+NHRKUJPgspLDE+BG Sp9jZH+ImoP/HCYB5CHJLnA6e7OqJt0wuQHnn3iYK8iI8TSxge9V05XYLV8t 2/pmmI90Dt3whqDgkr1T0ydQQ09Ku1EFGuG0QkvY51bXeIgM7SEhFml6D88j /ZqX+aoDlIpPuG/H1ZrIv0x4/4UU5M0wH0UMXaIXbEKlwLF9HG5dqQOWNgCu stsnUZh9HULrun6XiqtjHXXCmvuYOIIF7DD2uuo68WpFytNgrFdM61dSkDfD fJak4LjwO8omFRU0G7cSg8NZFcD3UM1CmqYGoRVeFao6kBFAxi3jhRcnJl74 MN+lQRDAefgwaX+X1+ULv5qCvB5sfFzYzKWGRjrVA3jDB6PaMnWx/IX3hkoy RtzrUBgpOmGsWaK9TY1Aibk8Bn56+3yg/cbN80Cl/seX9Te/noK8HGx9uqPT D7zKu1oTP1LXUolbOhWN8ZlpDKMM0LYBg1QzVuCVe0o1JkjV7D7+u/YGCu2g u8d9mhQVcF/rkyiIZIB6auOoAYp6/IRA3AOnsQZqeTUlS8vX4Wh03A8kIF7P 2AlSTj3SfoqCQLwKsX8pouOIIWazKN8MxiPhTKDUnV1jbjuvphXYPR6a/Zwb gGbGj6dd5bu8NsYFViGm67zbb9YGJ2pCWWXedYoRjCuFedWySRAyzoHZbvev ajU+lYOoM7C04NQZT6drsxyxKJDl3WOz8BztCNOfObVx7FJqjY4NVcT3vnMQ 5S5A7ruug8ueKUnw3rczGxuOd1FvTxdVi380+MzfMEc/DRQOfB+XdMukUlp5 ATb/Preq1tF5uwpN41ONzs8S1GHSNnBGabJYmuDQt7sI+B72oLIc1YjCb5dr 0kXaC9ilTihHCs1HLTcKo8Q+FLLN5ai7iPatkrsoqVa5l0TzZTpt8p79dMLg oSz0BnFttRXWDVp0eAyQja86M1Cizf7OQdiIWwLvMH6pEkC6MS+DOkzJgDcA H9+0CSrp3Ci2eNwtKM2qGgfjFyrfoc6YOmRQZx6CrmKyzpBxEC33A3EZQ3fu WekHeJ+o4zQdAkCJvvVSXsqiuxvIqvUhyByMD2xX7kkmAjj1JIhZ+tY40jSc g711IoD6dbLe3zpKYMtDYrPztICnImL0CMg7Oq1yCyigHKGoTIcO4W6nOoku QUR4NQlLPzO/VMVpatRAeGVUW4fV6qcDJUxRN8y62WRvD/ViNh5ek4QqvdjA lPbUuaom3MKOUESJ5tcMO5QOAtjdzyOK1E4CLZsHlrA5d00MDrwCVD0lPJPH +GPWAmYwxN3UqMnDdZgO3RZh9ViQlaNt45JSzmu5Ja2UWyXFnfaNIH3U/sv1 
Yfv/W91K7JK6yhEwA/DJlRWLt+wIVgsezwcapmhvmRiyYUaR53dVDcQBh39b t/IH3dGc5boab0+83TDRZ13faSMbP5nZ1P24VWhilarxUfKRMs7UTxnjfN7R GBOkpkAjHLwyyLD5oQtaYhX++6QfCVJovCTmkYea3I6q/i4dsPBPEVkJ4iVA MhsTvK9eQkP6HyF1VZLe3S5m3RgvzOxI5oh4L5mQyq6z/6Lp/bsJ0rsR38fd uKspFQF2mDq9W3dF4sdlpzP9dHWXXnmTttWAJ6q/Mbw/6Dgn3oI5zMmF60pr KLERTxh8VXtGe6Wu+ksJ0uthPiC1cksdwEZlsbMMHKxOeCWqQUjU22LjEgze bYB+VDRncbjU2JctLnXmJML5oASiY963HZoyH4Bwr7KffilBej3Mx3k+iI0t mnWxrSsmie/jWENQlU0EFRloER+YUo24p3uD9oWDccQZtXFWc7ALziABcyu6 ppLuDZ6hfPUdzZthPuiukzycTpyUk61b8Y5LyNImV2/jEO8zSQmhK81G7Af+ J2nV0L2pUoX3qZcH0oIFdm9egE8dnkp/rav6ywnSy8E+790g9Ybd+Rso71B8 rENCTwQlhqhmWUtCReFsrNIRCdScJOvEC6+0k3Ko0xWmxKKJ5VHiSkpDABv+ nrqUl4MdT3ekW0+ipul4Jjro0ixLsgrqToJbySOaqg7dCd3mXWizi1e9UR9Q q6P0fXctf+DMLsAiIYqAwwQWjJ9VzB7KjpK0OdljOURJfP4iKqmrVdG554oV UNDUNG2oo+1iGVoHwk4djP6ciGyLQCSRvLqyqXO5DsEZtRQMQhpL9w58fY8d CNWHZD8lHKxe5muoS8tHCZK0xIMOSiegsWJcyasRbcd5ltHbEO8ebamHBROj eO2XyiKknNVW+rd1KZ/KkdRUbqqxGLiuqUnhSjDZ4GPTUSC8uvqIK5QAa0un gG3UQgaWwbqmM763qibg2dqBuJh7wG0eHSWqJ/pQnWLZTVI2yo72bcZ6dG8I Ki8Rpzq0KdMFi4mASq2alTU99tMIR7BrAi+/78YBbFb8MMwN0/Jd51SmGlwC krMnR9LeKpJcNGA8vNRDWpy6l0pbeW4JCOHkh/rcgVYAv6wgPiNvteaGizw5 Uh9zslrSUFLhcO1qHGlHwghOF74H2COJDOamEjuXLVM/hyN/mbGB7xwJBhrV 8Lqx3XjfAu1QET6wlwlSo0bpPlWpWGMx0jQDo4cu7fox1TfrSnh2ZZvjpfI9 ZnG6Y9LhYGwSjaiCIXwFDD3ozuLu3eIfbeFHeHKkwY/Fj6p23ZF/l5iUmxHs H2CCW4lae3aJQ5WpFjk4psVEbRg0wf17d43snQQ5pVp166XAs8C7pl4oHnig NKhZatf5zlhYPsvBVC2oTrsvap4cSdcVqgGXwtzC6tT/Eicu7qf7m6pu31E9 xPtSWrluc3ZXd0xMD2zvLvBYCHwBU3ZUEcxCSW1HRGwIgHrllI6iBiyqxGON JQoPpTgWlOj65EgqZ2Mmwa9Z/ScA0CI18ByCAFN1JAwFqO2lFdZZmWNhQrbB 2kU8yv0B91cf3Xrl+vDW+zs9m+pGjtmYtC9hY/kuf+Vp6s8HT21qYAFc3hLb TsrjCjBOSd73PfbbGp0/6P4q6FokznJLwqi6CxIrhbrKyhetUT5SWG44G6J0 TZ7vxmi2cmYOm/NZo6Mua1D9xbSoIZlnBiBTbI3E0M74gZ5l9v5iuEAzwNpW 7cFWHe6LXuQHsOFuXRU8g7R+1lHbas/vLXF5leXBtyVPyt6FquAZdiN+TXUB /mNUhN+O+OYtbKwskUF8l4rgMeBw93AH9fm9dXoA7cXLgWZ1pLfVXxHLl+h8 ZI1H3fmSboiETnrMR13ubDQfX9XT/0p69maYDw0jATXcGmhV1BOnZA4CE/kF 
--></rfc>