Replace liboqs SPHINCS+ with SLH-DSA in certificate layer

Replace the liboqs-based pre-standardization SPHINCS+ implementation
with the native FIPS 205 SLH-DSA implementation across the
certificate / ASN.1 / X.509 layers, and add SLH-DSA-rooted test
certificates plus TLS 1.3 .conf scenarios that exercise the new
verification path. All liboqs SPHINCS+ code is removed.

This enables SLH-DSA for certificate chain authentication: CA
certificates signed with SLH-DSA, certificate signature verification
against an SLH-DSA root. TLS 1.3 entity authentication via
CertificateVerify with SLH-DSA will be added in a follow-up PR.

Follows RFC 9909 (X.509 Algorithm Identifiers for SLH-DSA) and
NIST FIPS 205. Supports both SHAKE and SHA-2 parameter families
across all twelve standardized variants.

DER codec:
- New PrivateKeyDecode, PublicKeyDecode, KeyToDer, PrivateKeyToDer,
  PublicKeyToDer with RFC 9909 encoding (bare OCTET STRING containing
  4*n raw bytes = SK.seed || SK.prf || PK.seed || PK.root, no nested
  wrapper). OID auto-detection across all twelve SHAKE / SHA-2 variants.
- PublicKeyDecode raw-bytes fast path mirrors wc_Falcon_PublicKeyDecode
  and wc_Dilithium_PublicKeyDecode so callers (notably
  wolfssl_x509_make_der and ConfirmSignature, which pass the raw
  BIT STRING contents stashed by StoreKey) decode correctly. Honours
  the caller's *inOutIdx start offset.
- Error paths in Private/PublicKeyDecode preserve params/flags/
  inOutIdx and only ForceZero the buffer half each helper actually
  writes; skip the wipe entirely on BAD_LENGTH_E (no bytes touched).
- ImportPublic uses |= on flags so a Private-then-Public import
  sequence retains FLAG_PRIVATE.

OID dispatch:
- 12 standardized NIST OIDs (6 SHAKE + 6 SHA-2) per RFC 9909. The
  pre-standardization OID-collision mechanism is removed since NIST
  OIDs do not collide.
- wc_SlhDsaOidToParam / wc_SlhDsaOidToCertType return NOT_COMPILED_IN
  (rather than -1) for recognised SLH-DSA OIDs whose parameter set
  isn't built; wc_IsSlhDsaOid recognises both. The x509 dispatch
  surfaces this as a precise diagnostic instead of the generic
  "No public key found".
- wc_GetKeyOID picks a placeholder parameter from whatever variant is
  compiled in and #errors at compile time if none is.
- asn_orig.c EncodeCert / EncodeCertReq accept SHA-2 SLH-DSA keyTypes
  alongside SHAKE.

Tests and fixtures:
- Test cert chain in certs/slhdsa/: SLH-DSA-SHAKE-128s and
  SLH-DSA-SHA2-128s self-signed roots that sign reused ML-DSA-44
  entity keys (server + client), plus the gen script
  (gen-slhdsa-mldsa-certs.sh, OpenSSL >= 3.5).
- New TLS 1.3 .conf scenarios under tests/suites.c dispatch:
  test-tls13-slhdsa-shake.conf, test-tls13-slhdsa-sha2.conf, and a
  wrong-CA negative test test-tls13-slhdsa-fail.conf.
- DER round-trip and on-disk decode tests; bench_slhdsa_*_key.der
  fixtures regenerated with wolfSSL's own encoder so the codec is
  pinned to RFC 9909.
- New unit test test_wc_slhdsa_x509_i2d_roundtrip exercises the raw
  PublicKeyDecode entry point that wolfssl_x509_make_der relies on.
- test_wc_slhdsa_check_key now tests both Public-then-Private and
  Private-then-Public import orderings.

Build / ABI:
- DYNAMIC_TYPE_SPHINCS = 98 kept as RESERVED with a tombstone comment
  for ABI stability; new code should use DYNAMIC_TYPE_SLHDSA (107).
- All build system / IDE project files updated; SPHINCS+ sources,
  headers, and test data removed.
- Dead bench_slhdsa_*_key arrays removed from gencertbuf.pl and
  certs_test.h; the .der files on disk drive the decode tests.
This commit is contained in:
Tobias Frauenschläger
2026-04-20 15:12:16 +02:00
parent a057975347
commit 9393d62591
90 changed files with 10755 additions and 2926 deletions
-2
View File
@@ -299,7 +299,6 @@ HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK
HAVE_POCO_LIB
HAVE_RTP_SYS
HAVE_SECURE_GETENV
HAVE_SPHINCS
HAVE_STACK_SIZE_VERBOSE_LOG
HAVE_THREADX
HAVE_TM_TYPE
@@ -852,7 +851,6 @@ WOLFSSL_NO_SERVER_GROUPS_EXT
WOLFSSL_NO_SESSION_STATS
WOLFSSL_NO_SIGALG
WOLFSSL_NO_SOCKADDR_UN
WOLFSSL_NO_SPHINCS
WOLFSSL_NO_STRICT_CIPHER_SUITE
WOLFSSL_NO_TICKET_EXPIRE
WOLFSSL_NO_TRUSTED_CERTS_VERIFY
@@ -244,7 +244,6 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
@@ -270,6 +269,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_slhdsa.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion
@@ -244,7 +244,6 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
@@ -270,6 +269,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_slhdsa.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion
@@ -244,7 +244,6 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
@@ -270,6 +269,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_slhdsa.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion
@@ -244,7 +244,6 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
@@ -270,6 +269,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_slhdsa.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion
@@ -244,7 +244,6 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
@@ -270,6 +269,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_slhdsa.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion
+10 -10
View File
@@ -3,14 +3,14 @@
SWENGENV := $(RMX_SRC_BASE)/tools/swenghg
#
# makefile -- defines the macros, directives and rules necessary to build the
# wolfSSL library.
# wolfSSL library.
#
# NOTES:
# 1. This makefile is a "wrapper" makefile for the Visual Studio 80
# INtime package project. The makefile provides RCS and component
# INtime package project. The makefile provides RCS and component
# release support not provided by the project's native visual Studio
# makefile.
#
#
# 2. The SWENG environment assumes makefile execution from a Windows NT
# environment.
#
@@ -33,7 +33,7 @@ SWENGENV := $(RMX_SRC_BASE)/tools/swenghg
# components.
#
# 6. A SWENG makefile executes standard MKS and MSVC tools. Other tool
# sets require additional macro and rule definition.
# sets require additional macro and rule definition.
#
# Default macros and directives.
@@ -157,11 +157,11 @@ MAKEFILE := makefile
ASM :=
C :=
CPP :=
RCFILE :=
RCFILE :=
SRCS :=
SRCS :=
OBJ :=
CFGS :=
CFGS :=
DEBRIS := $(LOGFILE) release* debug* *.sdf *.user *.aps *.bak *~
@@ -319,7 +319,6 @@ INCL_TARGS := wolfssl/callbacks.h \
wolfssl/wolfcrypt/sm4.h \
wolfssl/wolfcrypt/sp.h \
wolfssl/wolfcrypt/sp_int.h \
wolfssl/wolfcrypt/sphincs.h \
wolfssl/wolfcrypt/srp.h \
wolfssl/wolfcrypt/tfm.h \
wolfssl/wolfcrypt/types.h \
@@ -329,6 +328,7 @@ INCL_TARGS := wolfssl/callbacks.h \
wolfssl/wolfcrypt/wc_lms.h \
wolfssl/wolfcrypt/wc_pkcs11.h \
wolfssl/wolfcrypt/wc_port.h \
wolfssl/wolfcrypt/wc_slhdsa.h \
wolfssl/wolfcrypt/wc_xmss.h \
wolfssl/wolfcrypt/wolfevent.h \
wolfssl/wolfcrypt/wolfmath.h \
@@ -404,7 +404,7 @@ INCL_TARGS := wolfssl/callbacks.h \
#
# NOTES:
# 1. These files must always be included after the macro definitions and
# before the component-specific rules.
# before the component-specific rules.
.INCLUDE:$(SWENGENV)/rules.wnt
.INCLUDE:$(SWENGENV)/intimerules.wnt
@@ -495,7 +495,7 @@ done
# environment variables in a sub-shell before invoking the makefile.
#
# 2. Path vectors are converted to Microsoft-style pathname slashes
# via 'redmond.ksh' before passing them as environment variables to
# via 'redmond.ksh' before passing them as environment variables to
# Microsoft tools.
SOLUTIONFILE = wolfssl-lib.sln
+2 -1
View File
@@ -81,7 +81,6 @@
<ClCompile Include="..\..\wolfcrypt\src\sha3.c" />
<ClCompile Include="..\..\wolfcrypt\src\sha512.c" />
<ClCompile Include="..\..\wolfcrypt\src\signature.c" />
<ClCompile Include="..\..\wolfcrypt\src\sphincs.c" />
<ClCompile Include="..\..\wolfcrypt\src\sp_c32.c" />
<ClCompile Include="..\..\wolfcrypt\src\sp_c64.c" />
<ClCompile Include="..\..\wolfcrypt\src\sp_int.c" />
@@ -93,6 +92,7 @@
<ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
<ClCompile Include="..\..\wolfcrypt\src\wolfmath.c" />
<ClCompile Include="..\..\wolfcrypt\src\wc_pkcs11.c" />
<ClCompile Include="..\..\wolfcrypt\src\wc_slhdsa.c" />
<ClCompile Include="..\..\wolfcrypt\src\port\liboqs\liboqs.c" />
</ItemGroup>
@@ -164,6 +164,7 @@
<ClInclude Include="..\..\wolfssl\wolfcrypt\visibility.h" />
<ClInclude Include="..\..\wolfssl\wolfcrypt\wc_encrypt.h" />
<ClInclude Include="..\..\wolfssl\wolfcrypt\wc_port.h" />
<ClInclude Include="..\..\wolfssl\wolfcrypt\wc_slhdsa.h" />
<ClInclude Include="..\..\wolfssl\wolfcrypt\wolfevent.h" />
<ClInclude Include="..\..\wolfssl\wolfcrypt\wolfmath.h" />
</ItemGroup>
+1 -1
View File
@@ -106,7 +106,6 @@
<ClCompile Include="..\..\wolfcrypt\src\sm2.c" />
<ClCompile Include="..\..\wolfcrypt\src\sm3.c" />
<ClCompile Include="..\..\wolfcrypt\src\sm4.c" />
<ClCompile Include="..\..\wolfcrypt\src\sphincs.c" />
<ClCompile Include="..\..\wolfcrypt\src\sp_arm32.c" />
<ClCompile Include="..\..\wolfcrypt\src\sp_arm64.c" />
<ClCompile Include="..\..\wolfcrypt\src\sp_armthumb.c" />
@@ -188,6 +187,7 @@
<ClCompile Include="..\..\wolfcrypt\src\tfm.c" />
<ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
<ClCompile Include="..\..\wolfcrypt\src\wc_port.c" />
<ClCompile Include="..\..\wolfcrypt\src\wc_slhdsa.c" />
<ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
<ClCompile Include="..\..\wolfcrypt\src\wolfmath.c" />
</ItemGroup>
@@ -81,12 +81,12 @@
<itemPath>../../../wolfcrypt/src/sp_c32.c</itemPath>
<itemPath>../../../wolfcrypt/src/sp_c64.c</itemPath>
<itemPath>../../../wolfcrypt/src/sp_int.c</itemPath>
<itemPath>../../../wolfcrypt/src/sphincs.c</itemPath>
<itemPath>../../../wolfcrypt/src/srp.c</itemPath>
<itemPath>../../../wolfcrypt/src/tfm.c</itemPath>
<itemPath>../../../wolfcrypt/src/wc_encrypt.c</itemPath>
<itemPath>../../../wolfcrypt/src/wc_pkcs11.c</itemPath>
<itemPath>../../../wolfcrypt/src/wc_port.c</itemPath>
<itemPath>../../../wolfcrypt/src/wc_slhdsa.c</itemPath>
<itemPath>../../../wolfcrypt/src/wolfevent.c</itemPath>
<itemPath>../../../wolfcrypt/src/wolfmath.c</itemPath>
</logicalFolder>
@@ -440,11 +440,6 @@
<type>1</type>
<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_x86_64.c</locationURI>
</link>
<link>
<name>src/wolfcrypt/sphincs.c</name>
<type>1</type>
<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/sphincs.c</locationURI>
</link>
<link>
<name>src/wolfcrypt/srp.c</name>
<type>1</type>
@@ -495,6 +490,11 @@
<type>1</type>
<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_port.c</locationURI>
</link>
<link>
<name>src/wolfcrypt/wc_slhdsa.c</name>
<type>1</type>
<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_slhdsa.c</locationURI>
</link>
<link>
<name>src/wolfcrypt/wc_xmss.c</name>
<type>1</type>
@@ -126,6 +126,7 @@
700F0CF62A2FC11300755BA7 /* ed448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD22A2FC0D500755BA7 /* ed448.h */; };
700F0CF72A2FC11300755BA7 /* ed25519.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CE12A2FC0D500755BA7 /* ed25519.h */; };
700F0CF92A2FC11300755BA7 /* falcon.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CDD2A2FC0D500755BA7 /* falcon.h */; };
700F0D9A2A2FC11300755BA7 /* wc_slhdsa.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0D992A2FC0D500755BA7 /* wc_slhdsa.h */; };
700F0CFA2A2FC11300755BA7 /* fe_448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CDE2A2FC0D500755BA7 /* fe_448.h */; };
700F0CFB2A2FC11300755BA7 /* fe_operations.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CC72A2FC0D400755BA7 /* fe_operations.h */; };
700F0CFC2A2FC11300755BA7 /* fips.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CCF2A2FC0D500755BA7 /* fips.h */; };
@@ -144,7 +145,6 @@
700F0D092A2FC11300755BA7 /* siphash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD42A2FC0D500755BA7 /* siphash.h */; };
700F0D0A2A2FC11300755BA7 /* sp_int.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CDF2A2FC0D500755BA7 /* sp_int.h */; };
700F0D0B2A2FC11300755BA7 /* sp.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD12A2FC0D500755BA7 /* sp.h */; };
700F0D0C2A2FC11300755BA7 /* sphincs.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CEC2A2FC0D500755BA7 /* sphincs.h */; };
700F0D0D2A2FC11300755BA7 /* srp.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CDC2A2FC0D500755BA7 /* srp.h */; };
700F0D0F2A2FC11300755BA7 /* wc_pkcs11.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CE82A2FC0D500755BA7 /* wc_pkcs11.h */; };
700F0D102A2FC11300755BA7 /* wolfevent.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD62A2FC0D500755BA7 /* wolfevent.h */; };
@@ -284,6 +284,7 @@
700F0CF62A2FC11300755BA7 /* ed448.h in CopyFiles */,
700F0CF72A2FC11300755BA7 /* ed25519.h in CopyFiles */,
700F0CF92A2FC11300755BA7 /* falcon.h in CopyFiles */,
700F0D9A2A2FC11300755BA7 /* wc_slhdsa.h in CopyFiles */,
700F0CFA2A2FC11300755BA7 /* fe_448.h in CopyFiles */,
700F0CFB2A2FC11300755BA7 /* fe_operations.h in CopyFiles */,
700F0CFC2A2FC11300755BA7 /* fips.h in CopyFiles */,
@@ -302,7 +303,6 @@
700F0D092A2FC11300755BA7 /* siphash.h in CopyFiles */,
700F0D0A2A2FC11300755BA7 /* sp_int.h in CopyFiles */,
700F0D0B2A2FC11300755BA7 /* sp.h in CopyFiles */,
700F0D0C2A2FC11300755BA7 /* sphincs.h in CopyFiles */,
700F0D0D2A2FC11300755BA7 /* srp.h in CopyFiles */,
700F0D0F2A2FC11300755BA7 /* wc_pkcs11.h in CopyFiles */,
700F0D102A2FC11300755BA7 /* wolfevent.h in CopyFiles */,
@@ -575,6 +575,7 @@
700F0CDB2A2FC0D500755BA7 /* eccsi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = eccsi.h; path = ../../wolfssl/wolfcrypt/eccsi.h; sourceTree = "<group>"; };
700F0CDC2A2FC0D500755BA7 /* srp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = srp.h; path = ../../wolfssl/wolfcrypt/srp.h; sourceTree = "<group>"; };
700F0CDD2A2FC0D500755BA7 /* falcon.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = falcon.h; path = ../../wolfssl/wolfcrypt/falcon.h; sourceTree = "<group>"; };
700F0D992A2FC0D500755BA7 /* wc_slhdsa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_slhdsa.h; path = ../../wolfssl/wolfcrypt/wc_slhdsa.h; sourceTree = "<group>"; };
700F0CDE2A2FC0D500755BA7 /* fe_448.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = fe_448.h; path = ../../wolfssl/wolfcrypt/fe_448.h; sourceTree = "<group>"; };
700F0CDF2A2FC0D500755BA7 /* sp_int.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sp_int.h; path = ../../wolfssl/wolfcrypt/sp_int.h; sourceTree = "<group>"; };
700F0CE02A2FC0D500755BA7 /* cryptocb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cryptocb.h; path = ../../wolfssl/wolfcrypt/cryptocb.h; sourceTree = "<group>"; };
@@ -587,7 +588,6 @@
700F0CE82A2FC0D500755BA7 /* wc_pkcs11.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_pkcs11.h; path = ../../wolfssl/wolfcrypt/wc_pkcs11.h; sourceTree = "<group>"; };
700F0CEA2A2FC0D500755BA7 /* rc2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = rc2.h; path = ../../wolfssl/wolfcrypt/rc2.h; sourceTree = "<group>"; };
700F0CEB2A2FC0D500755BA7 /* wolfmath.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wolfmath.h; path = ../../wolfssl/wolfcrypt/wolfmath.h; sourceTree = "<group>"; };
700F0CEC2A2FC0D500755BA7 /* sphincs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sphincs.h; path = ../../wolfssl/wolfcrypt/sphincs.h; sourceTree = "<group>"; };
9D2E31D6291CE2190082B941 /* dtls13.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = dtls13.c; path = ../../src/dtls13.c; sourceTree = "<group>"; };
9D2E31D9291CE2370082B941 /* dtls.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = dtls.c; path = ../../src/dtls.c; sourceTree = "<group>"; };
9D2E31DC291CE2740082B941 /* quic.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = quic.c; path = ../../src/quic.c; sourceTree = "<group>"; };
@@ -638,6 +638,7 @@
700F0CD22A2FC0D500755BA7 /* ed448.h */,
700F0CE12A2FC0D500755BA7 /* ed25519.h */,
700F0CDD2A2FC0D500755BA7 /* falcon.h */,
700F0D992A2FC0D500755BA7 /* wc_slhdsa.h */,
700F0CDE2A2FC0D500755BA7 /* fe_448.h */,
700F0CC72A2FC0D400755BA7 /* fe_operations.h */,
700F0CCF2A2FC0D500755BA7 /* fips.h */,
@@ -656,7 +657,6 @@
700F0CD42A2FC0D500755BA7 /* siphash.h */,
700F0CDF2A2FC0D500755BA7 /* sp_int.h */,
700F0CD12A2FC0D500755BA7 /* sp.h */,
700F0CEC2A2FC0D500755BA7 /* sphincs.h */,
700F0CDC2A2FC0D500755BA7 /* srp.h */,
700F0CE82A2FC0D500755BA7 /* wc_pkcs11.h */,
700F0CD62A2FC0D500755BA7 /* wolfevent.h */,
+4 -4
View File
@@ -257,6 +257,7 @@
700F0C0E2A2FBC5100755BA7 /* ed448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF82A2FBC1600755BA7 /* ed448.h */; };
700F0C0F2A2FBC5100755BA7 /* ed25519.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF42A2FBC1600755BA7 /* ed25519.h */; };
700F0C112A2FBC5100755BA7 /* falcon.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0C022A2FBC1600755BA7 /* falcon.h */; };
700F0C9A2A2FBC5100755BA7 /* wc_slhdsa.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0C992A2FBC1600755BA7 /* wc_slhdsa.h */; };
700F0C122A2FBC5100755BA7 /* fe_448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BEB2A2FBC1500755BA7 /* fe_448.h */; };
700F0C132A2FBC5100755BA7 /* fe_operations.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF62A2FBC1600755BA7 /* fe_operations.h */; };
700F0C142A2FBC5100755BA7 /* fips.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0C002A2FBC1600755BA7 /* fips.h */; };
@@ -274,7 +275,6 @@
700F0C202A2FBC5100755BA7 /* siphash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BFE2A2FBC1600755BA7 /* siphash.h */; };
700F0C212A2FBC5100755BA7 /* sp_int.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE82A2FBC1500755BA7 /* sp_int.h */; };
700F0C222A2FBC5100755BA7 /* sp.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE92A2FBC1500755BA7 /* sp.h */; };
700F0C232A2FBC5100755BA7 /* sphincs.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE22A2FBC1500755BA7 /* sphincs.h */; };
700F0C242A2FBC5100755BA7 /* srp.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF32A2FBC1600755BA7 /* srp.h */; };
700F0C262A2FBC5100755BA7 /* wc_pkcs11.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF52A2FBC1600755BA7 /* wc_pkcs11.h */; };
700F0C272A2FBC5100755BA7 /* wolfevent.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE62A2FBC1500755BA7 /* wolfevent.h */; };
@@ -621,6 +621,7 @@
700F0C0E2A2FBC5100755BA7 /* ed448.h in CopyFiles */,
700F0C0F2A2FBC5100755BA7 /* ed25519.h in CopyFiles */,
700F0C112A2FBC5100755BA7 /* falcon.h in CopyFiles */,
700F0C9A2A2FBC5100755BA7 /* wc_slhdsa.h in CopyFiles */,
700F0C122A2FBC5100755BA7 /* fe_448.h in CopyFiles */,
700F0C132A2FBC5100755BA7 /* fe_operations.h in CopyFiles */,
700F0C142A2FBC5100755BA7 /* fips.h in CopyFiles */,
@@ -638,7 +639,6 @@
700F0C202A2FBC5100755BA7 /* siphash.h in CopyFiles */,
700F0C212A2FBC5100755BA7 /* sp_int.h in CopyFiles */,
700F0C222A2FBC5100755BA7 /* sp.h in CopyFiles */,
700F0C232A2FBC5100755BA7 /* sphincs.h in CopyFiles */,
700F0C242A2FBC5100755BA7 /* srp.h in CopyFiles */,
700F0C262A2FBC5100755BA7 /* wc_pkcs11.h in CopyFiles */,
700F0C272A2FBC5100755BA7 /* wolfevent.h in CopyFiles */,
@@ -971,7 +971,6 @@
6AC8513B272CB04F00F2B32A /* kdf.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = kdf.h; path = ../../wolfssl/wolfcrypt/kdf.h; sourceTree = "<group>"; };
700F0BE02A2FBC1500755BA7 /* rc2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = rc2.h; path = ../../wolfssl/wolfcrypt/rc2.h; sourceTree = "<group>"; };
700F0BE12A2FBC1500755BA7 /* hpke.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hpke.h; path = ../../wolfssl/wolfcrypt/hpke.h; sourceTree = "<group>"; };
700F0BE22A2FBC1500755BA7 /* sphincs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sphincs.h; path = ../../wolfssl/wolfcrypt/sphincs.h; sourceTree = "<group>"; };
700F0BE32A2FBC1500755BA7 /* curve448.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = curve448.h; path = ../../wolfssl/wolfcrypt/curve448.h; sourceTree = "<group>"; };
700F0BE52A2FBC1500755BA7 /* curve25519.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = curve25519.h; path = ../../wolfssl/wolfcrypt/curve25519.h; sourceTree = "<group>"; };
700F0BE62A2FBC1500755BA7 /* wolfevent.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wolfevent.h; path = ../../wolfssl/wolfcrypt/wolfevent.h; sourceTree = "<group>"; };
@@ -1001,6 +1000,7 @@
700F0C002A2FBC1600755BA7 /* fips.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = fips.h; path = ../../wolfssl/wolfcrypt/fips.h; sourceTree = "<group>"; };
700F0C012A2FBC1600755BA7 /* ge_operations.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ge_operations.h; path = ../../wolfssl/wolfcrypt/ge_operations.h; sourceTree = "<group>"; };
700F0C022A2FBC1600755BA7 /* falcon.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = falcon.h; path = ../../wolfssl/wolfcrypt/falcon.h; sourceTree = "<group>"; };
700F0C992A2FBC1600755BA7 /* wc_slhdsa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_slhdsa.h; path = ../../wolfssl/wolfcrypt/wc_slhdsa.h; sourceTree = "<group>"; };
700F0C032A2FBC1600755BA7 /* async.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = async.h; path = ../../wolfssl/wolfcrypt/async.h; sourceTree = "<group>"; };
700F0C292A2FBCAD00755BA7 /* quic.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = quic.h; path = ../../wolfssl/quic.h; sourceTree = "<group>"; };
700F0C2A2A2FBCAD00755BA7 /* sniffer_error.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sniffer_error.h; path = ../../wolfssl/sniffer_error.h; sourceTree = "<group>"; };
@@ -1148,6 +1148,7 @@
700F0BF82A2FBC1600755BA7 /* ed448.h */,
700F0BF42A2FBC1600755BA7 /* ed25519.h */,
700F0C022A2FBC1600755BA7 /* falcon.h */,
700F0C992A2FBC1600755BA7 /* wc_slhdsa.h */,
700F0BEB2A2FBC1500755BA7 /* fe_448.h */,
700F0BF62A2FBC1600755BA7 /* fe_operations.h */,
700F0C002A2FBC1600755BA7 /* fips.h */,
@@ -1165,7 +1166,6 @@
700F0BFE2A2FBC1600755BA7 /* siphash.h */,
700F0BE82A2FBC1500755BA7 /* sp_int.h */,
700F0BE92A2FBC1500755BA7 /* sp.h */,
700F0BE22A2FBC1500755BA7 /* sphincs.h */,
700F0BF32A2FBC1600755BA7 /* srp.h */,
700F0BF52A2FBC1600755BA7 /* wc_pkcs11.h */,
700F0BE62A2FBC1500755BA7 /* wolfevent.h */,
+3 -5
View File
@@ -252,17 +252,15 @@
The following NIST Competition winning algorithms are supported by the
native wolfSSL implementation:
- ML-KEM (CRYSTALS-KYBER) (key encapsulation mechanism)
- ML-DSA (CRYSTALS-Dilithium) (signature scheme)
- ML-KEM (FIPS 203, CRYSTALS-KYBER) (key encapsulation mechanism)
- ML-DSA (FIPS 204, CRYSTALS-Dilithium) (signature scheme)
- SLH-DSA (FIPS 205, SPHINCS+) (signature scheme)
Falcon (signature scheme) is still provided through liboqs integration.
To enable it, pass both --with-liboqs and --enable-falcon to configure
(CMake: -DWOLFSSL_OQS=yes -DWOLFSSL_FALCON=yes). Passing --with-liboqs
without --enable-falcon (or vice versa) is now an error.
SPHINCS+ is in the middle of being replaced with native SLH-DSA; see
PR #10261. Until that lands, SPHINCS+ continues to build via liboqs.
The following NIST Competition Round 3 finalist algorithms were supported,
but have been removed after 5.3.3
- SABER (KEM)
+1 -1
View File
@@ -159,7 +159,7 @@ include certs/intermediate/include.am
include certs/falcon/include.am
include certs/rsapss/include.am
include certs/dilithium/include.am
include certs/sphincs/include.am
include certs/slhdsa/include.am
include certs/rpk/include.am
include certs/acert/include.am
include certs/mldsa/include.am
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
+57
View File
@@ -0,0 +1,57 @@
-----BEGIN PRIVATE KEY-----
MIIKPgIBADALBglghkgBZQMEAxEEggoqMIIKJgQgB5k2MNHvdz51ebw/tXj6ECZ3
eScZNPdog84ItrvpBhgEggoAnXtmhZqzy98ZxarirCp5r/H94riNkdr1joa0kTwV
KhLGmElj7VDLeQ1YQ/IAjjVfJS88y6vZBIUgHV5ViJRkN0/TZIm+4svclsximVbe
JozeMBhm+dkb8c8yxXhIAgSyOxY96ahsgQaf9Gl3foY0pd2xSSDgLxcr3GL5k14X
UThKgghIBiQISGCStFETBSgauI2JtCiQqGQMgUTjxomEFg5EAkALly3ZSJIBFWRC
OGgaJ44TE1IAMQLEAiYUQk0QKJAgMTIBwWALAWyAAGxjJlACgEVKpkAcsiUIIWIk
SU4hh0gbSAIchmQEopDasIkUGU5JJgUYyQCapIXcpEhBIoECNXBjJorUEGEgRIij
omACooEZtHCcFoSBAkEitZHSCFESNEHTuBEIITJCRGUASGmSRhIilGHCtnDimI3T
JgmEIgoJuQ1MsGQDJC4BloSZBBGbyBGjEpAMFgqMICyUCEYEtg1gsIjcBCKaRkIh
Qk1JRikkJ2ITJQUKhAVKEEakBoAcNIIapUwZlokkJmEQRozBGEgcGW0EmI2LRgIC
kA1cEmVKFHICwWUbIU1cOG0DQYykJg6JooBKQCYcmWmBEjDDQCEiRmEiQ3ICRyYQ
oQmBIgbDIi5kMhIBsgFZlkUENQjDto0UMGwMlQyjSIBjQFAAICbcICQBRnHhQFHC
Eg3EEEAMQyQCMyYCyAQaIwjgFoqasC0TQAhDIjJEOG3RRJDUhglIggDimGgSsZEJ
kG3JMIXAhICcxkzhEJHYljDatmjIxmXjBlBcFBECREmbomhaMpBSgEUAJjACRkzU
yEmcuJDEIIoMFQ0JN44SRkUIIyUhoRGAkGWTRnLhKG1EllGBEoAERkqLEG0TRlFT
NkrhpkXgIgFIpgASkXAjs0ACqGXbQgbgBmrjlmFIlGVDImncIoWbhIlZGGRDsCCL
qClYMCQKF44RQS0kuCWJFCAUQZEjoiQhFyERsQQDhEwLI2JQhmVUIkJCgoAIpVHZ
BjEjAJEQqU3iBGZENjCLskmYxnAZpIxapg1jAC6blHCKIC1iJixCJmwSEy7bGAgR
IS6KsHEBwSzjRGLjlCgLOHBAFGViwEGhBiGCokSUsCwhEI0UlnESFAURJwQSl2XE
Am5YxGzAEHCEwEWZElKAqIjTuCgBF3ADwxCIGApTkkBTxiCTwIGkkJCTkgUiiAjI
AGTwGc/fNxkyya8KPEqPnLO0SilcbdKBED+fTSMYZe4Dp+sUmcCrbC6tMaAVf/0S
wwuGjR0PGY4s3cHO8nXCP//DvH1cQFCB1ZLJ3IlWAARkZiepwEPNXdbmx4So8ALa
o/LXJ6xSMLOVUzQxHwbydLpYUs+5C9E5PmD+2VVy+9lcLZ5fXZXj+CVtFHAk+BUE
JBQVq6UzyeD9nLM9V+/04ochm9QnPm57I55WfGfSOepStb1t2gDHHgrubRb7mjSu
i4V7aZqY1hUmGU8JveAGeZMsnqqHPMarygeYqbRjkHgTKNxi8wQE1VWKkfuL3B1q
UxbeGYjnlvyxtRHnkU5ixqS4qwh/dQZFC1RjeH0KhGSWo51Ec/YWdEY1EKKcvlvA
4V7EqCSr4cJZUhbYybY+WK37yDZlfvGOT5HI4vOn0yirYiGWljHvoa/pLjb+Cevx
jfr7WDmjzkXkH92MJKnXM4D1uwURUsu8swkULgrdROQvhYROCdoLIHhhKrlnnITg
67uV0DFdg5EVvyf1HiXJxUioqoz86mB6zZeSqwfHngtUvEHcf/eJchLuhRiGG+BE
4U97dT0n94LuOPdh48ml21n/IA18uNIs7IhdxAMIZ7RyO1zGFqsaa3KZh4CnNVq5
kU5cesaUGNLll3zVkV1XVun/WmT5yP8qWrrODc9nCbEtY8VyeMdPwcAjQq/yuC95
t/ddpbrVD6ib8q9dcpKGzhBS090VFWWoOMKYJ0dOsd4Fi9k21w/1M25MnEl9jgd5
dxSK6juGxK/5TI9DJr+kaPSz59IDxIUc1QoYVVH+sVuOee0Hh3261AmYk8upTzHO
4qs68m06608sGmvy/4H69DS+tU4a6vIQez6Wz2c32K7wPQOo5pMdWbwaBrQcDWjy
vidYGmaSyjdjZypZYr1A1enZSklpjEz0ZYU0zDfQXj5linNrMtL6bFSUtyB1bkrJ
+HLI3NoJyuOUm/jr6DK+u0FotgGN6Z/Tf/2R4ivATvlCW6LsyDUPNtnRiGWiKupQ
mRlQMSQQe1ZnpKXK46XJd7TRityk/8ru2Fg+baXUszkVossCnP6TZhjY0s6yjU0o
YsR7OeIqAm44Wcw12pmywZMktmOo/jeRMngR+ZVyLdFRQBOQ+qc9XfrOwT3Uq7dL
jNHZRcZ+DMa83RH6UoNZLaeorj+4WKKEFAV3+bn+BdFK+eh9Hri0OfyAHbI4jcRj
wOkVX/72gbI94BPs0HUdA7hr3BO2CbGC5AISGMseLc7u8sSkmhumUcP9c8HFhee7
ROdhngADChjkYoZF2PpbcUaGDjqJbbLXDtdlPswW5Zwt8g5EZBT9qS+26HiiVKNF
XrAUAveh4BZY2cNYWuZypwqfM/jVGFQegFQeUWlTYFfw+caXS1uY5hrBtGHtPcfo
FNaSSXxGHjogtiCzJeD4OerJfcs4mAOVmplprtQMHlA0bYVqMy+MA2qkGv2sijQI
6Yi2oLmWp0E3f+fC0a/lYGgG/nCBgLT+922I7MaQOAQ0JBu4V4ZA0hnsoTYR/yI0
jDE/Y6FPzmdzXHhdhcjYQFpA34g98230m7Ypvwfd2VEnppeyb2HvHKkBUivQEuRA
puolgLqAYYeljX5xCWj7xggvmCznqzC03jm2cf8ykGFl+cQWftrEBXcL8fngwH0U
V29IuurgxZNgFOP4amey3FboN39ZY1x30uOnc1OcjfSs6QeKHL6nTR9gNp8znfQt
T2HdM0AfbhCf9x/wlYlijAT3ZOBm0EtKeZZwVtsH2q8A0VTsB6wJJZFG0U+/UOnm
VHORx/tnM+sBG9xFWtyjljVscZum5ytllS2ugQooMfAqngHigy/gpGXKkkoPMkW1
5hkkRCsr6mRGsknQL+JkDR/u5CkEmYCLfHo6TNQY1Pc7DEQ5PQ8Q1B9Hf7Hf0sHX
HR/3KTZUS45Vm8sI9TEP1AxeGFl+6u9a0g3GlF2DvVWpL/6FgtmpkUD2zPmIunIJ
Np+hxXzqk9SuSKoukZMvG2Y+hw7doB4ZjSXfvzmC33p8fJWyvScrPXbvBTj8ijhG
bdWqOWupyvWf/YHCT6WMEpCjA+b9eWpIaWzDeDCdeaaBp/Tpz06dWAEQ7SwnLlyq
yNBX7wWl55+NB6fXSAV7cBes49RKCZLEjoQDdFphYQ4aDB+MTtlslkKskwvUFGzY
Jw6buXcN1d2CCPWJ20SGjbIsqAZfvExzJ/4yJjwzg9oYyQ==
-----END PRIVATE KEY-----
Binary file not shown.
File diff suppressed because it is too large Load Diff
Binary file not shown.
File diff suppressed because it is too large Load Diff
+168
View File
@@ -0,0 +1,168 @@
#!/usr/bin/env bash
#
# Regenerate SLH-DSA root certificates and ML-DSA-44 entity certificates
# used by tests/test-tls13-slhdsa-{shake,sha2}.conf.
#
# Requires: OpenSSL >= 3.5 (native SLH-DSA + ML-DSA support).
#
# The ML-DSA-44 entity keys are reused from ../mldsa/ (mldsa44_bare-priv.der
# for the server, mldsa44_seed-priv.der for the client) so this script does
# not generate or write new entity private keys.
check_result(){
if [ "$1" -ne 0 ]; then
echo "Failed at \"$2\", Abort"
exit 1
else
echo "Step Succeeded!"
fi
}
# Always operate inside the script's own directory so relative paths
# (../mldsa/, ../renewcerts/) resolve regardless of where the script
# was invoked from.
cd "$(dirname "$0")"
# Capability probe: bail out cleanly if the local OpenSSL doesn't speak
# SLH-DSA (e.g. < 3.5). The committed PEM/DER under this directory are the
# authoritative test fixtures; this script is for renewal only. `-help`
# prints regardless of algorithm support, so we actually try a generation
# (output discarded) and check the exit code.
if ! openssl genpkey -algorithm SLH-DSA-SHAKE-128s -out /dev/null \
>/dev/null 2>&1; then
echo "OpenSSL does not support SLH-DSA"
echo "Skipping SLH-DSA certificate renewal"
exit 0
fi
if ! openssl genpkey -algorithm ML-DSA-44 -out /dev/null \
>/dev/null 2>&1; then
echo "OpenSSL does not support ML-DSA"
echo "Skipping SLH-DSA certificate renewal"
exit 0
fi
CNF=../renewcerts/wolfssl.cnf
SERVER_KEY_DER=../mldsa/mldsa44_bare-priv.der
CLIENT_KEY_DER=../mldsa/mldsa44_seed-priv.der
if [ ! -f "$SERVER_KEY_DER" ] || [ ! -f "$CLIENT_KEY_DER" ]; then
echo "Missing reused ML-DSA-44 entity keys under ../mldsa/"
exit 1
fi
# wolfSSL example server only loads PEM keys from CLI, so emit a PEM
# transcoding of each reused DER key under this directory. These are
# byte-for-byte the same key material as the source .der files; we just
# wrap them in PEM headers so the .conf-driven test harness can use them.
SERVER_KEY=server-mldsa44-priv.pem
CLIENT_KEY=client-mldsa44-priv.pem
openssl pkey -in "$SERVER_KEY_DER" -inform DER -out "$SERVER_KEY"
check_result $? "Convert server ML-DSA-44 key to PEM"
openssl pkey -in "$CLIENT_KEY_DER" -inform DER -out "$CLIENT_KEY"
check_result $? "Convert client ML-DSA-44 key to PEM"
# $1 = tag (shake|sha2), $2 = OpenSSL algorithm name
gen_variant() {
local tag=$1
local alg=$2
local root_base="root-slhdsa-${tag}-128s"
echo "====================================================================="
echo " Generating ${alg} root + ML-DSA-44 entity certs (tag=${tag})"
echo "====================================================================="
############################################################
# Self-signed SLH-DSA root
############################################################
echo "Generating ${root_base} key + self-signed cert"
openssl genpkey -algorithm "$alg" -out "${root_base}-priv.pem"
check_result $? "Generate SLH-DSA root key (${tag})"
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_SLH-DSA\\nRoot-SLH-DSA-${tag}\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n.\\n.\\n" | \
openssl req -new -key "${root_base}-priv.pem" -config "$CNF" -nodes \
-out "${root_base}.csr"
check_result $? "Generate root CSR (${tag})"
openssl x509 -req -in "${root_base}.csr" -days 1000 \
-extfile "$CNF" -extensions ca_ecc_cert \
-signkey "${root_base}-priv.pem" \
-out "${root_base}.pem"
check_result $? "Generate root cert (${tag})"
rm -f "${root_base}.csr"
openssl x509 -in "${root_base}.pem" -outform DER > "${root_base}.der"
check_result $? "Convert root cert to DER (${tag})"
openssl pkey -in "${root_base}-priv.pem" -outform DER \
-out "${root_base}-priv.der"
check_result $? "Convert root key to DER (${tag})"
openssl x509 -in "${root_base}.pem" -text > tmp.pem
mv tmp.pem "${root_base}.pem"
############################################################
# ML-DSA-44 server cert signed by the SLH-DSA root
############################################################
local server_cert="server-mldsa44-${tag}.pem"
echo "Generating ${server_cert}"
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_SLH-DSA\\nServer-mldsa44-${tag}\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | \
openssl req -new -key "$SERVER_KEY" -config "$CNF" -nodes \
-out "server-mldsa44-${tag}.csr"
check_result $? "Generate server CSR (${tag})"
openssl x509 -req -in "server-mldsa44-${tag}.csr" -days 1000 \
-extfile "$CNF" -extensions server_ecc \
-CA "${root_base}.pem" -CAkey "${root_base}-priv.pem" \
-set_serial 01 \
-out "server-mldsa44-${tag}-cert.pem"
check_result $? "Sign server cert (${tag})"
rm -f "server-mldsa44-${tag}.csr"
openssl x509 -in "server-mldsa44-${tag}-cert.pem" -outform DER \
> "server-mldsa44-${tag}.der"
check_result $? "Server cert to DER (${tag})"
openssl x509 -in "server-mldsa44-${tag}-cert.pem" -text > tmp.pem
mv tmp.pem "server-mldsa44-${tag}-cert.pem"
# Server-served chain: leaf || root (ed25519 convention)
cat "server-mldsa44-${tag}-cert.pem" "${root_base}.pem" > "$server_cert"
rm -f "server-mldsa44-${tag}-cert.pem"
############################################################
# ML-DSA-44 client cert signed by the SLH-DSA root
############################################################
local client_cert="client-mldsa44-${tag}.pem"
echo "Generating ${client_cert}"
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_SLH-DSA\\nClient-mldsa44-${tag}\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | \
openssl req -new -key "$CLIENT_KEY" -config "$CNF" -nodes \
-out "client-mldsa44-${tag}.csr"
check_result $? "Generate client CSR (${tag})"
openssl x509 -req -in "client-mldsa44-${tag}.csr" -days 1000 \
-extfile "$CNF" -extensions client_ecc \
-CA "${root_base}.pem" -CAkey "${root_base}-priv.pem" \
-set_serial 02 \
-out "client-mldsa44-${tag}-cert.pem"
check_result $? "Sign client cert (${tag})"
rm -f "client-mldsa44-${tag}.csr"
openssl x509 -in "client-mldsa44-${tag}-cert.pem" -outform DER \
> "client-mldsa44-${tag}.der"
check_result $? "Client cert to DER (${tag})"
openssl x509 -in "client-mldsa44-${tag}-cert.pem" -text > tmp.pem
mv tmp.pem "client-mldsa44-${tag}-cert.pem"
cat "client-mldsa44-${tag}-cert.pem" "${root_base}.pem" > "$client_cert"
rm -f "client-mldsa44-${tag}-cert.pem"
echo "Variant ${tag} complete."
}
gen_variant shake SLH-DSA-SHAKE-128s
gen_variant sha2 SLH-DSA-SHA2-128s
echo
echo "All SLH-DSA / ML-DSA-44 test certificates regenerated."
+36
View File
@@ -0,0 +1,36 @@
# vim:ft=automake
# All paths should be given relative to the root
#
EXTRA_DIST += \
certs/slhdsa/bench_slhdsa_shake128s_key.der \
certs/slhdsa/bench_slhdsa_shake128f_key.der \
certs/slhdsa/bench_slhdsa_shake192s_key.der \
certs/slhdsa/bench_slhdsa_shake192f_key.der \
certs/slhdsa/bench_slhdsa_shake256s_key.der \
certs/slhdsa/bench_slhdsa_shake256f_key.der \
certs/slhdsa/bench_slhdsa_sha2_128s_key.der \
certs/slhdsa/bench_slhdsa_sha2_128f_key.der \
certs/slhdsa/bench_slhdsa_sha2_192s_key.der \
certs/slhdsa/bench_slhdsa_sha2_192f_key.der \
certs/slhdsa/bench_slhdsa_sha2_256s_key.der \
certs/slhdsa/bench_slhdsa_sha2_256f_key.der \
certs/slhdsa/gen-slhdsa-mldsa-certs.sh \
certs/slhdsa/server-mldsa44-priv.pem \
certs/slhdsa/client-mldsa44-priv.pem \
certs/slhdsa/root-slhdsa-shake-128s-priv.pem \
certs/slhdsa/root-slhdsa-shake-128s-priv.der \
certs/slhdsa/root-slhdsa-shake-128s.pem \
certs/slhdsa/root-slhdsa-shake-128s.der \
certs/slhdsa/server-mldsa44-shake.pem \
certs/slhdsa/server-mldsa44-shake.der \
certs/slhdsa/client-mldsa44-shake.pem \
certs/slhdsa/client-mldsa44-shake.der \
certs/slhdsa/root-slhdsa-sha2-128s-priv.pem \
certs/slhdsa/root-slhdsa-sha2-128s-priv.der \
certs/slhdsa/root-slhdsa-sha2-128s.pem \
certs/slhdsa/root-slhdsa-sha2-128s.der \
certs/slhdsa/server-mldsa44-sha2.pem \
certs/slhdsa/server-mldsa44-sha2.der \
certs/slhdsa/client-mldsa44-sha2.pem \
certs/slhdsa/client-mldsa44-sha2.der
Binary file not shown.
@@ -0,0 +1,4 @@
-----BEGIN PRIVATE KEY-----
MFICAQAwCwYJYIZIAWUDBAMUBEBIDLnGQ7/b2dqaWSNZ6GNUDPTUVnm6hv7L66kx
FwCox6bgJKhKGBBNzcbaIyRn3paVgQCmys5D5P38exqM+ut+
-----END PRIVATE KEY-----
Binary file not shown.
+644
View File
@@ -0,0 +1,644 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
65:47:75:b4:58:fa:b2:e1:1f:16:b5:5f:25:49:b4:7f:2a:12:60:56
Signature Algorithm: SLH-DSA-SHA2-128s
Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_SLH-DSA, OU=Root-SLH-DSA-sha2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com
Validity
Not Before: Apr 28 08:10:05 2026 GMT
Not After : Jan 22 08:10:05 2029 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_SLH-DSA, OU=Root-SLH-DSA-sha2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: SLH-DSA-SHA2-128s
SLH-DSA-SHA2-128s Public-Key:
pub:
a6:e0:24:a8:4a:18:10:4d:cd:c6:da:23:24:67:de:
96:95:81:00:a6:ca:ce:43:e4:fd:fc:7b:1a:8c:fa:
eb:7e
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:80:23:3A:06:DD:38:57:EE:6B:C2:94:7B:EA:BF:43:57:3A:B0:8C
X509v3 Authority Key Identifier:
BD:80:23:3A:06:DD:38:57:EE:6B:C2:94:7B:EA:BF:43:57:3A:B0:8C
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: SLH-DSA-SHA2-128s
Signature Value:
10:3c:70:c5:f5:b1:4f:1c:77:85:34:b9:b3:57:97:62:ef:e7:
4d:17:67:56:63:74:02:e1:50:5c:5b:dc:56:94:45:d7:f9:6b:
76:fd:fb:e2:00:16:0b:5a:0f:86:86:7e:1e:0c:4e:7f:d0:95:
cb:d4:8d:09:58:53:4e:e2:9f:0e:11:2e:38:dc:c0:87:ec:6f:
25:ef:1b:59:81:ab:71:69:51:2e:3c:2f:f6:eb:f2:22:73:62:
e1:a2:68:b3:67:db:2e:05:16:fa:bc:ae:b6:22:cb:c2:0f:fd:
88:1e:36:43:27:13:de:61:01:0c:ba:5a:df:0a:69:17:45:c2:
77:b5:df:87:62:b3:16:6e:8e:57:e0:3b:9f:02:80:5d:f0:92:
76:51:73:2e:7a:25:1c:88:79:dd:0d:55:c5:73:94:b3:76:52:
39:fb:58:0d:34:fe:74:38:45:fc:99:39:87:c7:fe:4b:2a:7c:
51:ae:92:ee:5f:28:16:13:04:b5:f0:5f:93:90:74:d0:e0:f4:
1d:06:af:6b:ad:33:fe:2c:d5:9a:e5:10:32:7f:01:2f:7e:97:
c6:ff:b6:57:97:56:cc:5a:5a:9a:79:de:19:b0:9c:0b:57:bb:
bb:e5:8b:91:2c:cd:19:2d:7c:75:8e:71:4f:c5:c5:88:74:5c:
5d:27:82:dc:94:58:7d:6e:71:6e:78:c5:f3:0d:3b:85:95:2a:
da:4d:af:34:a9:3c:02:88:cc:45:1d:08:0c:9d:20:39:73:06:
0a:2d:ba:8a:5d:a9:44:32:24:32:b1:d1:fd:d1:7f:b4:10:56:
3a:15:12:a5:f6:c1:6f:16:ef:84:5e:86:ab:5b:9b:a7:b4:21:
e3:43:86:1a:50:f8:95:b3:b0:10:56:0e:26:b6:5a:46:75:51:
e2:7a:5a:76:2b:14:4e:57:5d:88:61:27:16:8c:e0:6a:ad:87:
b1:19:89:80:87:aa:6a:59:69:18:fc:e3:5a:78:83:d8:58:3a:
ec:8e:b9:28:2a:22:e6:13:8f:ad:df:4e:4d:9e:99:6b:34:9a:
c5:c1:81:0e:28:1a:16:e5:60:d1:7d:1c:d7:5f:f8:3e:7d:1c:
7c:2d:18:5f:3a:5c:d2:d2:0b:db:c4:4f:69:57:a7:6d:60:95:
5e:04:fb:71:31:71:d1:e4:ee:dd:10:34:a5:9b:0c:7b:29:e9:
4b:85:3a:2f:64:87:93:9a:8f:06:9f:75:8a:c2:b3:a6:0c:ff:
94:7a:c8:f4:e6:14:31:b1:6f:20:ad:34:5c:3f:1a:67:c7:0e:
0e:89:00:c5:9f:d6:56:4b:8d:86:dc:64:94:e0:7e:4d:8b:cd:
43:5f:3b:46:c9:92:f0:a4:0d:df:b9:ab:38:aa:5b:3b:9c:af:
fa:fb:d5:f6:0b:25:96:30:33:28:3d:3f:1e:a6:10:43:58:53:
ae:88:a7:5b:8e:55:66:57:2e:0d:88:a9:5b:d3:71:0a:23:05:
47:82:ca:e6:0c:c8:d1:f2:99:9f:c9:37:2a:59:99:d4:f0:a5:
82:18:0b:98:f0:ee:be:0f:11:6f:2a:6a:14:dd:c4:c9:bc:ed:
80:ac:7c:ca:65:eb:fa:af:b3:29:a7:b2:c3:1c:42:1e:7d:3f:
d3:1a:f0:1b:30:f5:a3:53:8c:13:d3:96:82:01:a8:2e:d2:ae:
ea:f1:50:17:ae:cb:a4:7b:55:72:55:8b:90:28:f0:d9:5b:81:
f4:78:9b:b0:fe:a0:c4:6e:dc:25:fc:94:64:71:12:bf:fc:cd:
31:50:26:2d:e2:ef:38:05:14:82:b6:62:83:a9:86:cb:df:05:
ef:27:6a:cc:2c:8f:1c:5d:40:13:c1:e3:24:a6:7d:3c:83:1a:
78:79:7d:63:75:4f:68:b9:9c:75:b9:07:ed:62:16:29:22:c1:
cd:f2:52:02:e9:17:b0:d0:44:13:9c:25:c7:fd:39:df:eb:d5:
32:5e:bf:c5:47:81:18:83:63:96:89:4c:31:02:8f:c4:e9:7f:
27:8e:01:3f:44:4e:96:b0:73:ad:56:a7:95:4d:ab:a3:03:e2:
dc:33:65:d2:17:87:e8:07:be:95:17:64:3e:6c:87:cd:3a:e6:
0a:b8:e6:8b:e2:e9:d9:60:2a:ef:d5:c8:2f:7a:8d:ec:70:16:
10:a2:1d:12:16:41:a3:c1:07:2f:95:b1:d4:7f:9f:ca:16:ca:
72:1d:2d:df:3a:6f:93:eb:9e:76:34:3f:dd:a7:47:12:18:5b:
f4:34:2b:73:42:33:15:c8:19:0c:a8:10:d5:d3:04:81:e2:d1:
b4:3f:7e:53:34:d8:db:02:d6:60:b4:24:8c:28:4d:31:51:0b:
4e:c8:f1:4c:99:98:a7:36:ab:bc:ce:a2:d6:67:f5:b2:64:ec:
0e:e3:f3:82:46:d3:87:ce:1b:a9:46:d3:dc:1a:27:e2:5f:bf:
55:33:ca:e0:de:02:84:26:ed:57:58:27:f4:d6:3c:0d:a7:db:
40:2d:d8:c8:0c:84:47:97:fb:bf:49:8c:d2:1c:80:ff:da:d6:
3f:93:00:77:f3:31:f0:c8:57:46:5a:9a:15:25:0b:2d:d1:1b:
5a:eb:ae:09:0e:3e:24:e6:a9:eb:72:be:e4:45:d2:41:db:21:
dd:a7:1b:6e:62:3e:43:d9:62:34:31:62:76:d4:2e:39:48:fd:
54:9c:51:6a:f7:71:44:88:c0:c3:98:3b:66:e1:8e:0a:9d:e3:
68:a9:6a:d2:52:80:97:3d:9e:14:c9:bc:36:33:6f:24:9c:7b:
e1:8a:a5:a1:12:44:bf:61:a2:3b:da:18:b9:7f:9f:89:bb:10:
33:8f:46:18:92:49:5e:10:81:a6:0b:06:19:19:a3:e8:06:c8:
fe:4e:94:20:de:70:36:7b:40:ee:04:ca:fc:fa:81:aa:87:9d:
ad:f3:57:78:0c:34:51:f4:fa:ef:78:58:1e:e9:0f:b9:75:f6:
a5:09:a0:91:7f:80:19:80:17:4b:5c:a9:b9:6d:b6:00:f8:17:
90:e1:b7:4f:21:33:64:1d:d1:d5:a8:78:a0:98:46:0a:0a:0e:
72:dc:2a:67:8e:57:44:00:76:2e:79:b9:4e:c7:78:b2:a7:12:
17:75:44:6c:ce:a6:d7:ae:25:54:6c:5d:eb:3d:92:74:65:26:
f7:6d:23:1a:43:91:ad:2e:20:c8:f4:fa:13:a9:97:ea:7e:a9:
61:94:81:a7:cd:b3:60:a9:62:4c:ec:8b:91:21:a9:d3:7c:39:
9f:3f:4c:f8:8f:16:81:3f:23:3a:20:64:7a:10:ce:82:d7:24:
28:ea:e0:74:6a:ea:62:bd:e3:06:90:1e:92:ca:fa:2d:25:a5:
70:52:8f:a1:3f:9f:7a:7a:f3:55:4d:4b:8b:1d:1e:ce:d0:61:
44:68:e5:c2:69:e8:14:2f:5c:90:96:72:8f:7e:39:61:c1:d4:
3d:36:bf:12:b4:de:31:3e:7e:f4:45:d9:6b:d8:9c:61:06:fe:
7d:43:ae:e3:c8:f4:3b:0d:7a:5d:b6:35:46:5d:5b:30:e9:9f:
de:49:53:d8:a7:97:61:33:ec:fe:dd:4a:89:c3:db:aa:39:4b:
01:f8:20:27:a3:0b:12:2f:03:fd:8d:69:5f:90:2a:62:97:93:
a6:d4:12:80:ee:98:47:93:d9:89:7d:46:f3:2d:61:8e:e6:9d:
7e:7e:42:07:0f:3e:15:08:9b:49:36:98:1c:1e:dc:57:5d:eb:
ab:35:4b:33:eb:2f:fd:a5:6e:92:45:5d:21:df:d4:74:83:02:
a9:3c:bd:88:ed:d7:05:da:b5:2a:56:e1:ae:7c:53:a8:9d:f3:
24:bf:82:1d:09:20:66:b9:b8:4b:ee:b7:e0:9a:15:e3:99:bc:
e3:93:a4:2e:93:4a:c2:0c:8b:42:ee:29:42:f5:93:e9:b6:73:
8d:8d:24:4c:78:26:b7:dc:64:c7:94:8e:f3:2f:81:68:91:a5:
57:ec:c7:b3:7d:73:02:d0:20:18:16:7a:3b:dd:e9:65:08:84:
6b:40:19:f6:79:71:13:ca:8f:be:8a:ae:c2:a4:67:ae:0e:5b:
a8:55:01:38:5a:0e:0a:51:04:57:12:76:e6:cf:d8:57:25:a7:
8c:03:da:22:13:dd:90:e1:27:26:e0:d8:dc:9b:5a:6b:3a:0f:
e2:e3:8d:54:73:6e:12:02:72:f4:2b:c3:9b:80:3f:6f:fb:8a:
9e:fd:bb:e4:d7:c6:14:8a:19:d6:9f:30:bc:00:98:41:92:2b:
bd:a5:8e:ab:93:89:9d:6e:d4:8e:82:17:88:a6:19:2b:8b:a4:
67:e9:5b:ee:7f:bb:e6:a4:d7:cd:85:7a:c1:2d:15:8b:3d:4e:
25:71:63:5c:7e:72:b7:bc:e7:8e:a8:ad:d5:a4:2f:d2:56:cf:
b1:29:49:03:9e:d3:b9:ce:35:60:8d:d3:50:97:5f:4e:ac:72:
f4:b0:20:e4:91:75:cc:27:5e:ce:ae:04:77:1b:84:02:fe:0c:
bc:a7:dd:62:3e:55:e9:e7:5b:a3:c8:1d:08:34:18:53:bd:fa:
05:0c:e9:fc:84:73:0d:4b:9f:56:52:e5:09:e8:46:43:3b:4e:
59:fa:84:67:d5:c2:94:3d:ea:cb:9d:29:31:4d:91:61:90:f2:
1f:29:68:dc:34:5f:13:fd:b1:f2:38:72:85:f1:16:1c:7f:05:
e5:b8:32:57:3f:6a:68:ce:e5:58:1a:14:e5:1f:e7:b7:1c:04:
a6:e1:c5:86:c8:78:e3:62:92:fd:ff:9b:f1:e8:60:9c:40:b9:
1c:1d:7b:52:ad:ee:de:fa:04:bf:0b:bd:d9:34:bf:ef:4a:1b:
f2:0c:72:43:1e:55:24:b1:56:ae:0c:44:99:ef:b5:fb:e5:ee:
c6:20:7c:15:5f:66:c8:32:c3:e0:33:76:00:d3:b0:7e:be:0a:
28:79:3f:98:51:78:12:73:ae:b3:24:a5:a1:d3:1c:f8:6c:5a:
e7:c0:47:5f:86:a5:67:d5:3b:20:19:49:91:fd:c6:32:0c:96:
e9:df:ea:e1:8e:cf:4a:bd:9f:95:eb:88:2c:3c:f6:34:da:89:
f7:3a:d1:bb:0f:97:f0:38:99:ec:89:b4:b3:92:bf:ed:13:7d:
bc:14:54:16:63:01:f3:60:f0:f6:c4:e0:db:00:dc:c8:5f:13:
11:82:1d:04:73:a4:f1:8d:d0:8e:7a:4d:1f:9c:0e:8d:dc:fe:
7d:8f:97:5e:a1:97:c2:73:e7:45:94:19:19:93:f5:4f:fc:25:
8b:c3:1a:19:a7:1d:91:0a:bf:28:78:41:06:7d:09:d4:95:c5:
d2:8f:47:04:cf:3f:9a:be:72:b0:8a:d0:29:0d:87:b8:22:11:
2a:c6:c7:27:81:12:6f:9e:18:88:9c:8a:25:04:05:66:b1:ef:
b1:4c:48:f7:f7:53:ec:c8:72:bc:70:25:5e:19:be:3c:d7:f6:
1a:52:77:05:15:db:ba:99:2a:d6:bd:ce:a1:70:fc:30:40:cc:
bd:4d:e4:36:f0:fc:b9:54:31:48:d3:9c:bb:3b:51:08:a5:e8:
b0:3b:5b:0a:69:91:2c:f7:d4:50:07:4c:a8:2f:7b:43:82:64:
fb:c3:ca:48:5c:b9:f7:f3:bc:d6:21:43:c3:b5:26:61:06:86:
23:c6:7f:05:d7:0b:c1:e5:7d:5f:5a:c3:09:1a:7c:06:cb:35:
f8:a3:70:13:14:37:b6:98:00:88:24:b0:90:4f:f4:99:99:75:
d5:15:23:7b:5a:09:db:33:30:8b:b9:da:b2:08:7c:ea:39:3c:
88:96:a8:39:da:1e:22:5a:b3:be:f7:40:58:7a:6d:7b:88:de:
4c:57:30:f1:38:a5:cc:6a:e7:b3:c4:ef:8a:f1:4d:ca:2c:bf:
5b:05:02:30:97:10:12:dd:3f:8a:bf:0a:86:4f:57:63:79:bc:
2c:21:a2:c2:07:26:a4:96:d2:1a:d2:73:86:a9:af:2d:ca:ae:
6f:07:e7:26:f4:47:65:8e:0e:29:8f:ca:ce:16:cd:90:00:f0:
a6:19:a4:30:b8:d7:8a:da:de:5a:5b:54:91:9a:e1:75:6b:49:
f6:b8:67:0d:02:d2:c4:ec:67:f5:0f:c2:dc:11:c5:65:69:f5:
1f:44:44:af:1f:91:9c:29:1f:8b:e1:8e:9d:5c:9e:ac:72:fa:
4b:c9:29:9a:f1:1e:d1:64:6b:8e:22:5a:34:0f:53:47:ce:0b:
e3:07:49:cb:86:de:35:ec:17:e4:d5:df:cb:f4:de:0c:e1:b8:
93:97:88:9e:f6:0d:b3:fa:f7:4b:a6:52:ef:48:61:c1:43:f2:
32:f7:af:77:ab:75:c0:6c:08:b6:cd:63:cb:b6:64:e8:01:ed:
e4:62:39:36:38:ab:70:4d:c3:a4:b4:92:be:79:e0:f2:7d:7f:
06:52:48:bd:ba:c2:56:6d:af:1f:86:b6:7a:eb:e9:b4:fc:8c:
13:83:fc:25:f8:93:5f:52:c4:bb:4a:08:5a:a0:bf:bd:24:37:
4b:44:e4:a7:ea:fa:36:49:dd:86:1a:f9:f0:24:1b:ab:c1:1e:
8c:03:f8:8a:86:99:fd:3d:9d:9f:68:1a:96:47:73:18:22:3b:
7b:c0:76:02:1d:61:79:73:ac:f9:2c:45:ce:87:53:b5:f5:44:
8d:73:9b:38:d9:bb:a4:11:fd:f8:0c:16:c6:74:49:f0:e0:18:
10:c6:d1:2c:2b:5d:c4:17:72:60:e0:7c:d9:48:b3:eb:38:ba:
4f:e9:82:c2:10:9a:cd:bd:8e:e8:ff:be:f0:57:d8:e5:94:50:
15:6d:87:42:32:8b:d7:8a:07:22:8e:e2:31:e7:95:9b:22:4f:
5d:0d:51:02:49:1e:fc:66:51:bb:81:01:96:64:63:d8:57:43:
66:0d:1f:6c:b4:9a:16:b6:dd:09:c8:6d:0e:c0:79:1f:a6:49:
c8:11:79:d1:18:34:9a:4e:4f:1d:80:1e:47:5b:75:07:a1:74:
fa:52:d2:69:d1:24:d7:2a:cd:72:c6:c8:ec:7d:6b:6b:b6:f9:
e5:5e:9e:d4:24:a0:00:df:ab:b9:6d:57:58:90:18:ac:1c:bd:
af:c1:88:d8:90:5c:82:de:fa:4b:40:51:01:6d:45:c2:83:18:
a3:38:ca:e6:5d:c0:5a:dd:b9:68:0e:0d:c3:c2:f8:6a:8c:ee:
a8:6f:19:c2:d6:78:d6:57:33:7a:fb:c6:0a:db:47:aa:55:89:
47:a6:20:6f:0b:78:84:69:20:da:b5:6c:1b:d3:2c:d7:db:94:
38:e0:75:e7:6c:8f:4d:f5:e5:42:16:c6:91:93:6a:41:39:a5:
77:92:02:49:63:0f:74:c3:b2:55:3f:b1:33:e5:7b:d9:ff:59:
ae:a1:6e:1c:06:bf:76:98:dc:ae:94:39:49:3f:5d:d6:b0:fa:
06:3e:29:8e:40:62:b8:b7:dc:22:11:50:48:19:41:37:c5:e4:
34:b8:25:60:98:ed:b9:4a:68:47:a9:e6:2d:d7:e5:ef:35:e7:
6f:a8:9f:a5:b2:0f:0d:98:fa:9e:ff:fb:c5:57:83:69:98:b0:
37:06:fb:4c:0d:17:ad:e9:68:2b:c3:42:1c:f6:0c:ac:7f:ca:
1b:ba:a9:90:b8:f6:e1:a2:2a:45:8d:f5:aa:e5:8b:4a:16:f6:
0e:3a:38:ee:25:d9:5f:b6:f8:fc:7b:a8:c6:88:e3:ea:f0:1f:
a1:b0:e7:46:e4:b0:59:08:95:02:25:0c:6a:8a:3d:56:3d:c9:
a8:12:dd:47:b4:2d:5a:f6:ae:43:cc:3e:4c:7f:4e:ab:b1:78:
2a:59:6d:6f:ca:93:21:e4:f6:ad:91:a6:1d:da:a9:16:8f:e6:
1a:d2:c9:22:13:62:8f:be:28:96:bd:23:59:38:91:75:b5:84:
bc:ae:b9:5f:07:4a:dd:fd:a8:fc:e6:6d:0d:04:e2:76:fe:30:
0b:e9:9b:60:1c:98:bf:92:80:57:45:ba:53:d2:61:f7:50:51:
d2:ad:9c:03:39:96:39:ee:45:64:04:b3:ca:02:bf:ec:3b:d1:
ab:ec:8d:97:9a:ec:1a:ac:62:99:85:f6:15:c7:d9:b0:2b:f4:
dc:55:f4:19:ac:7e:36:59:70:ee:8c:79:98:89:61:86:25:bd:
b3:38:9e:49:ed:8a:ce:61:1d:d1:13:99:96:74:9e:4f:43:78:
c0:c9:a2:f3:62:92:f8:aa:6b:ca:91:7e:29:d1:80:27:64:68:
e1:0f:9b:fc:fe:64:99:0f:d6:8e:d3:78:d8:ea:fd:e5:0a:55:
34:8b:f1:b4:d9:1b:a5:bb:30:f9:1a:f4:19:3c:3d:af:ac:5f:
ce:9b:27:08:18:52:6f:b0:aa:02:0d:46:84:73:92:f1:0b:16:
12:9b:cf:bc:f3:97:bc:c2:9c:18:57:cc:55:63:21:de:f7:32:
c1:3e:fb:88:de:f7:ae:f0:11:10:5b:5f:04:df:9d:3d:19:2f:
89:cb:72:b4:5b:f2:49:81:76:c2:57:ec:d9:44:ff:b8:8d:19:
6a:2d:bf:31:47:34:e0:b1:03:32:26:15:e4:d7:44:41:d1:5e:
f9:ba:e2:5f:50:45:44:08:44:7f:9b:09:f4:37:ff:8b:d9:d6:
55:66:d0:60:b2:8b:94:34:8d:97:dd:73:2f:02:22:be:9a:bd:
d3:57:8c:c3:c6:e1:e1:19:64:f1:6d:3e:41:20:6f:4e:47:bb:
29:41:bd:a9:8c:ab:01:41:ea:2a:51:c7:f2:9f:ec:ca:9b:1e:
be:e7:f9:3a:5e:66:f8:dd:30:3c:dd:3d:53:61:1e:ad:93:31:
01:c4:c4:b3:2c:b1:14:a3:68:a2:a2:6a:f9:60:e7:63:19:e4:
89:19:89:1d:ad:de:85:5d:43:4c:57:61:17:b4:7d:f9:18:93:
93:c6:88:40:0a:3d:7e:a4:e9:ab:fd:56:c0:2b:5f:35:68:26:
d4:e2:c8:f7:75:08:1c:11:4f:a0:64:a8:15:2d:f2:e9:58:0a:
31:ec:cb:f8:ba:3b:85:aa:95:93:5e:47:05:27:c4:32:6d:56:
71:6f:38:8d:db:93:99:57:35:cf:25:83:99:77:d3:7e:93:cd:
a0:04:ae:e5:e9:20:e7:63:b1:ed:69:8c:46:3d:1c:f6:84:bf:
67:a5:71:60:d5:ec:9f:5b:d9:12:12:9e:0a:b2:85:40:94:34:
9a:74:6b:25:1e:3b:03:2b:2c:55:7f:51:4a:6a:93:07:dd:e6:
d4:89:fb:1a:95:1d:cd:bb:d1:61:47:6d:8c:09:56:44:b3:52:
c9:ca:df:a1:27:45:77:a1:e3:31:ec:da:b4:ad:15:20:ac:f7:
cc:88:1a:b6:84:f5:21:c9:4f:f7:94:bb:d2:1c:d2:19:40:52:
5d:2f:9f:44:d3:64:8c:88:d3:08:93:ff:5e:d1:99:63:60:40:
73:08:bb:20:3d:d1:26:a8:30:48:44:2d:d3:65:e6:af:eb:22:
ec:7c:6f:97:16:69:58:3b:e2:ef:e9:de:de:90:10:07:f4:bd:
6a:a7:e5:82:e9:22:d5:0e:c9:32:ea:ac:30:69:c6:96:9b:51:
6b:93:65:67:e5:84:2f:36:1c:19:d8:be:26:fa:79:05:e0:ed:
34:fd:2c:a4:c0:44:7f:cd:c7:51:e5:a9:81:a7:90:97:46:1a:
78:00:16:64:2c:d9:d4:85:b6:61:1a:87:de:96:f5:0c:f3:cc:
73:d4:0d:5e:8f:64:b0:a0:97:c9:12:0c:2e:fa:3a:a1:07:1c:
bc:29:0c:e0:82:b7:3b:0d:6b:14:80:3a:11:a6:d4:f4:36:a4:
96:d9:89:f8:81:61:77:79:02:6f:5e:64:2a:d7:f2:fa:26:d6:
0b:bf:cc:63:5e:ff:af:7b:c4:ef:48:5d:ef:c7:44:bb:46:be:
cb:3f:c4:3e:9c:f2:98:9e:ec:7b:20:4a:54:a0:cd:2d:3a:cf:
a0:2d:4a:db:2b:97:50:82:92:68:4e:f0:f1:73:b0:b8:6f:62:
d6:97:95:15:75:03:41:5a:d6:f2:f8:a3:eb:f6:48:49:44:49:
93:9e:6c:2c:e1:a1:d5:e6:fd:f2:d5:d9:ee:f0:86:ef:01:49:
65:d6:fd:ae:9d:3a:a6:1d:1a:b3:9b:09:8a:49:cb:ff:b9:d2:
b7:16:7e:f5:36:05:c4:09:c1:b1:49:97:0d:8f:22:c9:8c:9e:
bb:ea:ce:f9:a5:57:47:de:04:7a:bd:e4:b6:a0:0b:bc:d1:da:
a1:20:e1:5c:c4:7a:13:fa:7c:c3:dd:a3:b2:48:98:29:83:75:
c1:6d:f8:1b:75:7c:f4:91:ae:66:d9:bf:49:3e:4c:85:01:df:
d7:8a:1c:44:9c:d0:d1:4f:7f:c2:0f:7d:f8:e0:11:4b:b6:b0:
4e:6f:1a:f1:fb:53:f8:42:c8:54:15:6b:29:a9:b1:1c:f3:f4:
ed:52:2e:66:e9:49:1a:d0:52:66:6e:fa:8d:ff:2f:1e:d3:40:
c7:25:b7:69:1d:d4:a9:4d:ee:82:14:32:0e:82:ed:94:b6:02:
b0:00:d1:b3:20:f2:eb:9e:db:0f:c9:4f:3d:ec:b2:6e:bd:41:
d2:93:87:1f:fb:8c:b8:0e:e3:6a:f4:37:dd:4f:a0:24:e6:22:
3d:c7:a2:46:06:bc:5e:25:74:aa:ae:fc:de:94:d9:5d:6f:1b:
0f:e3:99:46:06:4c:20:ff:59:d1:ef:75:76:87:c8:9a:7d:97:
67:6d:06:d8:20:83:84:1d:c4:72:43:8e:e2:ee:3a:d9:21:59:
63:c9:a0:56:d1:42:f4:34:fe:ed:ac:a4:0a:28:0a:c0:a0:32:
0f:f1:4d:36:b0:27:9c:a5:88:6f:b2:65:a9:43:d2:09:0c:ce:
06:b7:1b:e4:44:d0:e3:cf:da:2f:11:df:cf:83:3a:8e:04:7e:
5f:31:90:c1:1e:1c:b1:ca:4c:21:4d:6a:7a:c5:e0:17:61:ee:
c5:61:dd:0d:41:71:96:77:6d:a4:43:a1:69:60:22:56:ea:b1:
88:b1:71:53:79:44:25:f2:42:c9:b3:48:f7:6c:9a:6a:be:f1:
ca:88:3e:14:b9:69:9e:57:0b:f6:b6:1b:c9:88:70:7c:a8:80:
d6:34:9f:63:59:48:86:4c:bc:eb:cb:49:1f:ad:f6:13:b0:de:
c1:0f:8f:a8:0c:f3:ce:f4:56:b5:3c:1d:82:df:9a:98:4b:5f:
91:1f:56:f3:ad:b7:45:92:9f:44:d1:5b:63:da:1a:96:cc:db:
9f:48:64:08:19:29:3f:a4:27:6c:ed:20:49:07:dd:b0:72:9e:
fd:59:37:73:69:07:1c:24:c4:46:5d:58:d1:0f:e4:05:08:09:
60:b2:8b:df:a2:a5:07:99:c9:4f:cb:f3:d2:d8:bf:b7:0a:6e:
cd:73:43:a5:a0:46:1a:f8:c1:88:01:e2:7c:c1:a7:36:ad:f3:
d1:28:e5:4c:b7:5b:a3:08:70:0e:3a:d9:d3:ce:55:0f:2f:f8:
08:7a:3c:78:0c:c0:ca:1d:8f:35:34:6d:8f:10:3b:3e:ad:3f:
2d:55:9e:d0:aa:e7:43:39:c0:64:4b:55:f9:62:a1:f4:1d:90:
4a:3e:06:1d:0b:8e:12:18:6e:28:30:92:88:80:99:6b:bb:a2:
f2:2b:79:1a:4f:53:e5:4d:10:bd:3b:81:9d:1c:9c:06:a1:a4:
df:61:ec:5a:05:82:38:91:84:65:f6:74:83:9a:28:eb:23:92:
1f:ef:77:77:30:98:c4:90:45:d7:4e:80:fb:e7:50:52:0c:03:
10:0d:b3:e4:0a:20:6c:85:fd:2a:b6:87:e2:7d:69:b0:76:ac:
b6:23:ff:09:6e:ab:7e:98:3e:72:76:bf:a1:e2:77:32:2e:51:
85:db:cf:d8:50:b3:e2:c6:7c:75:bf:67:3a:76:c0:d5:78:2b:
1e:c8:ee:63:31:20:7a:33:c9:90:df:8e:95:d7:be:04:32:93:
bd:60:46:2d:18:52:0d:e0:99:1f:da:1e:d1:ae:f1:ea:a8:7a:
90:80:7e:10:89:51:c5:a2:55:38:b8:59:12:92:9f:93:87:e3:
0f:bb:02:29:ed:75:8f:8a:17:8d:81:91:65:78:a8:1d:9d:2d:
1e:0f:9b:53:d4:13:8d:55:92:eb:8a:45:19:f6:6b:44:03:47:
9c:3b:18:1b:d3:f1:a1:3d:c4:66:b0:16:d6:60:26:b3:8d:89:
52:27:29:4e:3e:b8:50:fd:64:20:fc:02:58:e2:83:6f:15:35:
e4:a6:c8:d6:2c:e3:ce:e2:9d:d1:53:a6:d9:57:90:63:24:ab:
18:d8:6e:63:90:9a:eb:9b:80:c2:98:8a:9a:bf:20:92:b3:36:
a0:04:fa:88:2d:d6:0f:3f:9c:4f:4d:21:96:c7:4d:2e:c0:34:
f0:40:d0:f7:f3:ea:c5:57:cd:3f:ec:74:73:5e:f9:b0:7e:71:
f3:7c:6e:6a:3c:a1:22:b0:f4:40:d8:62:08:a3:97:8c:14:66:
ff:bb:83:ab:26:24:01:9f:b5:03:0e:80:5e:e9:e9:f1:14:84:
97:4d:f8:06:db:98:2d:8c:93:e2:af:45:44:7a:d5:61:bb:d6:
f1:c4:5e:38:62:3e:1b:1d:d6:69:42:49:66:a0:83:da:23:5d:
42:b9:c7:a0:07:5a:ef:e7:b2:9c:4d:83:63:6c:89:61:c7:d6:
29:4d:76:6d:eb:26:6d:25:c9:fc:5d:2d:58:88:17:5e:a5:4b:
7f:0b:6e:c7:7d:f8:6a:50:53:c7:80:35:98:76:31:cd:f0:2f:
6c:f9:79:93:c4:bb:9b:01:89:00:df:0f:55:c5:67:19:50:b2:
31:ca:68:f8:30:f6:0a:88:2d:e8:55:0d:af:cd:5b:cd:f9:3a:
bc:3c:87:f1:32:b5:f3:01:a9:09:44:ea:54:2b:18:33:05:d3:
c6:b8:56:e3:5a:70:38:4c:98:5f:ee:17:6b:12:2d:00:fa:c1:
33:48:73:7c:29:51:9a:44:c7:74:b6:63:2f:b4:f8:87:3c:e4:
44:4b:5d:0f:ec:b1:ec:56:b2:23:da:d4:1f:b7:a9:13:d9:1d:
b3:d6:19:d6:23:fc:72:9a:15:d6:6c:df:66:71:55:a6:89:9b:
ed:ef:25:ee:fb:2b:b3:58:59:d0:42:ab:da:97:88:de:cc:06:
aa:b2:85:d5:f0:a2:87:0e:cb:58:7c:14:9d:d1:8e:d0:21:9b:
80:67:ae:73:4c:34:fd:42:36:71:dc:a5:55:4d:79:19:dc:4c:
f2:bd:76:25:e3:f0:88:62:4f:79:4b:e0:2f:30:cf:40:42:4b:
54:1c:85:23:11:66:3f:23:6a:dc:54:f3:5b:cd:9c:b6:88:e4:
71:87:5c:2f:7e:85:55:5b:9c:23:3a:00:1f:57:da:b6:33:06:
8d:ce:07:89:b9:2d:7d:0b:35:8d:8a:8b:66:cd:59:16:55:db:
b0:b4:2d:3d:53:32:03:90:98:55:a4:f9:8d:f3:84:b4:16:06:
42:3e:ca:71:ef:db:c7:59:32:fa:e3:ec:3b:fb:c9:83:83:90:
52:99:06:c1:b4:3d:ea:f9:83:fa:a8:d9:c3:09:8b:15:d3:85:
06:a1:e5:26:93:4d:23:aa:cd:4b:3e:5f:64:8f:2f:71:7e:c8:
d3:8c:78:ef:79:3e:ab:4c:da:77:23:2e:ff:56:35:8d:27:7d:
7e:7e:df:03:1a:c9:c2:af:f4:62:49:f7:35:1c:6a:9b:19:f9:
0a:e2:17:36:b6:6f:d6:ee:b6:e7:12:e3:c1:54:17:22:6a:28:
6d:cd:9c:e0:ef:b7:1c:99:e1:94:53:8f:c5:55:65:b2:f0:4d:
0f:c7:ef:d0:0a:b4:9f:c2:c9:9d:af:26:2e:98:5e:cd:59:79:
80:1a:28:27:68:fb:22:f3:14:71:60:79:a0:5f:92:75:59:36:
58:fd:80:20:07:e9:8f:34:5c:38:53:7b:4a:d1:58:77:af:1b:
0a:0f:70:3f:db:b8:58:37:01:e6:ef:8d:3c:e5:c7:71:c6:bd:
1a:0b:12:33:5f:9d:07:36:4d:7d:02:07:85:60:83:6f:fc:e0:
af:9f:c5:22:4b:cd:89:dc:2f:b3:53:e1:7f:b9:65:af:59:57:
54:87:32:f2:d6:15:88:e2:2b:a7:20:85:42:26:d9:09:ee:87:
60:0c:bf:a3:6a:e5:e5:db:6f:2c:05:7e:88:ee:aa:98:d7:6d:
0e:3c:9f:6c:28:70:02:1a:78:b6:2e:2c:29:9e:d9:fa:1e:80:
0a:a3:e6:dc:46:00:15:e7:c0:13:36:42:9c:f0:1a:fa:9c:7d:
d0:cd:2f:ce:dd:95:54:fb:b1:fa:bb:3f:83:26:f7:54:42:5d:
60:7a:d1:bd:b2:17:9a:e0:02:a7:9a:d8:40:f4:2c:79:c0:4e:
4e:a4:68:aa:33:c9:1f:2a:f3:fd:9b:50:39:37:b9:1e:59:2c:
7b:cf:97:57:23:81:b7:07:76:8e:b1:f5:15:dc:54:c5:f9:f9:
c6:13:b7:37:2d:12:44:c6:78:1e:92:1f:ed:85:8f:14:7a:9f:
d0:1f:02:8a:f1:5e:8d:05:28:13:2c:cf:1f:41:9d:74:ec:98:
96:51:57:a7:c0:10:9a:be:31:7d:71:a7:c2:38:cd:ce:74:60:
e4:45:ef:b0:60:87:7a:da:e9:05:38:06:19:fe:60:db:c6:2d:
a4:25:f7:5d:d1:b1:3d:12:0b:a0:fb:3c:80:b0:f5:00:48:34:
8b:e4:a4:f1:cf:fe:be:a2:38:43:44:20:23:5e:89:c8:91:18:
fb:5e:aa:90:11:07:7a:e8:ad:61:03:17:6a:a5:a6:a9:e2:c4:
8c:f0:5e:d7:25:fc:43:93:db:47:44:c1:25:26:38:7a:17:08:
24:36:d3:25:95:eb:c3:17:ca:b5:d7:79:73:62:48:d6:d0:af:
e7:a0:61:83:5d:7a:27:e9:b9:7e:d2:25:17:85:c2:28:5b:9f:
e7:01:67:f7:69:83:eb:ec:cd:8e:2b:ee:f1:4c:17:a5:3e:05:
2c:c1:eb:b7:64:d8:fa:3b:3b:c4:e4:53:18:fd:d8:da:1a:f4:
c7:c2:47:90:91:ab:3d:2b:12:1d:9e:7e:58:7e:cb:63:9c:ff:
28:bf:a0:c3:a6:07:52:58:9a:de:2c:4c:63:5e:79:8b:21:cb:
cf:5b:08:7d:6e:44:55:32:5c:37:71:46:02:c1:28:e8:5f:c1:
34:ca:b9:25:0a:c8:88:a8:bc:13:1f:1d:c3:6f:cd:3e:f9:95:
ad:45:7b:f9:03:05:b8:f8:c8:89:fa:a0:7a:2b:b7:15:ba:d2:
0a:39:39:c9:0e:0d:5b:f9:11:b2:9e:11:98:90:bd:25:9d:a2:
f2:c8:c1:3b:70:a3:71:b9:9c:46:24:b1:00:1b:54:3c:ba:11:
a2:73:d4:bf:85:08:57:8f:05:6f:9f:23:12:ff:06:73:d5:6d:
13:7c:1b:50:c4:df:8e:8a:8a:f8:f4:5c:61:c1:51:e8:d3:82:
7b:ef:60:89:56:4c:fa:e1:b5:50:47:23:66:7e:af:af:a7:9f:
0a:1f:55:2d:d9:ad:8f:92:01:d4:10:c8:00:63:0e:6e:95:1b:
ea:e9:d3:38:ac:7c:34:d1:8d:61:e6:be:c5:98:3d:9e:cf:70:
28:5c:4f:80:44:4d:06:9d:1e:e0:4b:4c:91:76:7e:d8:ff:5f:
5a:ae:b6:88:f6:25:7b:96:80:4c:59:3f:91:29:4f:44:c1:01:
23:9c:8c:51:f1:fa:69:e0:b1:2a:20:c8:93:14:f4:99:61:a7:
4e:9b:ee:8d:02:5a:e2:29:d7:f5:9f:ef:94:59:4c:55:c6:0f:
1c:b8:9c:a9:b6:bf:cd:c4:30:e5:e5:84:4e:d3:13:af:6e:8f:
8d:ac:d4:64:c0:21:5d:57:e7:9d:73:c6:90:63:b7:22:3e:a6:
a6:47:d3:be:b4:a3:ff:c6:c3:0e:2b:f0:45:ee:50:50:98:b2:
8e:f2:bc:05:d0:24:b5:40:b2:52:b4:bf:d7:62:8a:a2:a8:d3:
6c:3e:ad:12:46:ab:5b:c7:e1:32:99:21:7c:cb:09:37:2e:8f:
0b:85:41:5f:45:8f:17:ca:66:6a:73:97:73:3c:3d:8d:dc:9f:
51:dd:59:15:0f:68:4b:a2:42:4e:98:6d:1c:74:9b:5d:b4:65:
ed:22:17:a4:73:b2:11:93:f4:d2:b5:aa:93:00:c5:88:42:86:
b5:1c:3f:fc:9f:f7:f9:2f:a9:29:a5:66:e2:e5:8e:29:ef:d5:
d8:dd:93:62:26:08:7a:f6:62:6c:17:1c:b0:d6:19:b1:39:8c:
c4:54:a5:ef:34:b6:15:53:fd:88:80:eb:48:50:0d:74:8e:34:
04:64:f1:da:13:4f:df:63:7b:c3:19:be:c4:1f:f2:13:25:cb:
73:37:98:93:4f:8d:ed:97:88:ee:be:39:9f:03:bd:2a:4f:08:
1d:63:19:dd:20:06:6c:4c:96:a7:66:82:7f:75:62:19:5b:87:
cd:76:e3:b9:10:76:ab:b4:bd:54:ca:3e:10:15:a4:36:42:93:
e9:56:fa:19:59:e3:90:55:ad:f7:b2:07:cd:99:9b:7c:05:01:
a9:d1:fc:eb:e6:d5:de:01:39:ac:0d:be:c7:db:fb:b0:54:08:
48:26:f9:54:dc:15:85:a2:6f:33:10:60:ec:0d:38:ad:15:e4:
14:83:3d:65:df:0b:ae:01:f0:15:9a:ca:bc:4f:c9:c0:57:9f:
9a:b9:22:53:56:b3:4c:83:50:f6:5b:13:68:94:6e:12:7c:bf:
9e:22:6d:c3:17:f4:f0:a5:73:b5:03:ef:b8:af:0e:20:c9:df:
2d:39:e6:43:38:84:30:6b:a1:36:0a:bf:09:41:67:18:85:8e:
77:04:a3:be:d4:9f:36:75:42:e5:84:ea:75:fa:0b:01:4a:30:
48:9c:b3:47:9d:3c:48:41:74:76:14:30:dc:66:1e:fd:7c:58:
2f:63:e5:74:2a:c5:a2:26:65:fe:c2:13:7b:0d:83:f7:94:3d:
2d:f8:83:07:aa:dd:77:72:26:fe:70:29:d5:1e:83:21:ba:0e:
de:10:ba:4c:cd:19:88:b2:9a:44:f8:86:d8:fa:4a:12:3b:7f:
02:ae:af:68:7a:87:8b:8f:63:e5:9a:da:e4:77:9d:40:50:27:
7f:b0:7a:ac:5c:aa:b4:33:8a:dc:fe:17:74:3e:1d:5d:5c:0a:
57:06:72:ac:ac:ed:2d:81:09:b3:6e:71:25:3b:03:29:67:b5:
81:bd:b3:3f:36:42:f3:af:ac:db:58:fe:00:42:b4:28:89:1a:
76:fb:11:8a:32:c9:65:03:f7:ef:6a:e6:57:48:e9:b9:d2:90:
42:9a:cc:ff:f1:fb:06:ad:be:ff:4e:c2:64:93:39:48:4a:57:
e6:06:98:14:9f:0c:61:19:c1:f0:d4:c8:3d:1f:6c:a5:c2:28:
66:25:aa:7a:9f:fd:08:f6:ec:c1:e5:f8:e2:37:17:f5:6b:ae:
aa:f7:a4:da:27:59:25:0e:43:4c:53:62:3b:62:6a:5e:6d:9d:
c9:01:02:f3:79:47:0e:2d:ea:62:89:a5:57:6d:de:18:b2:a2:
13:d2:34:27:28:4f:4a:a5:d7:f3:ee:16:a0:5e:77:f9:2e:6c:
22:81:44:ae:03:64:e1:9f:b8:d7:55:92:75:f6:66:ea:2e:45:
31:16:aa:32:77:3f:8e:0e:b7:4a:d9:52:ad:05:28:d1:58:8a:
d4:79:b0:ba:29:15:33:5b:99:59:d2:70:95:fb:6c:0a:5d:18:
4a:96:ab:14:96:c8:00:9c:5c:e1:f2:f6:ec:85:e4:3e:39:39:
b7:44:3d:9a:66:bd:d9:32:48:c8:5c:0c:d0:4c:b9:2d:01:49:
1d:eb:fd:41:32:67:23:87:10:31:17:20:df:f1:3f:77:ed:b8:
d9:52:dc:3d:11:15:dd:04:93:88:f2:65:32:6d:7b:c0:d8:df:
3a:19:61:9b:7f:e5:a2:b1:e0:6f:6a:3d:f5:82:08:a1:0e:26:
42:e2:91:9f:c2:a2:7e:ba:66:89:a7:95:26:c5:9a:9a:7b:2e:
c7:cf:4e:70:07:2b:f6:f0:56:60:f4:56:ba:73:18:e6:b8:85:
96:35:b2:d4:3d:3e:63:ca:be:08:54:f3:7c:03:e9:6f:98:17:
f5:03:66:da:dc:bc:4a:a8:97:d4:ff:74:89:ba:1d:22:91:58:
50:87:43:c6:1f:ef:0f:cb:9c:da:0e:f8:6b:1e:ab:84:17:f0:
56:17:dd:4a:19:62:4f:d6:56:ef:27:ba:81:ff:fb:5e:c6:4d:
a1:20:03:a4:4b:30:d1:09:37:8a:e3:34:cb:2e:5d:9e:6f:a4:
bb:9c:0d:7c:b0:40:66:23:7d:ac:dc:b9:7c:68:f4:db:f7:92:
c6:db:dc:dc:77:5c:d7:d3:57:a7:13:60:a3:ed:87:15:da:fe:
a5:f0:2e:46:94:ad:92:75:61:f2:a8:08:79:83:af:ea:f5:7a:
4d:02:2a:f2:39:d6:87:ef:4f:17:49:06:86:5a:54:9d:48:0e:
ab:7b:b6:f7:eb:68:85:83:01:52:d5:a8:32:fe:31:c0:45:11:
e2:dc:d6:99:d6:27:90:b5:41:48:b0:39:da:9e:0e:d2:6d:48:
bb:c4:0a:15:53:8b:16:77:9a:b9:62:b9:18:db:ea:25:17:8f:
c4:18:cd:1c:93:33:0e:9b:e0:ef:da:22:d8:55:17:2d:90:f1:
5e:35:a0:24:eb:3b:d4:50:45:d9:35:3b:0b:c3:d4:6e:67:b2:
92:0e:e6:a7:14:1c:09:e4:d0:94:d8:05:b4:e4:9d:20:5f:f1:
be:ca:25:00:34:76:35:e4:3a:19:05:ec:94:8b:9f:cf:c1:1a:
89:bd:8b:1b:8d:68:85:2c:aa:d0:95:3b:d7:b5:47:39:03:7b:
73:38:16:8d:21:68:1a:d8:77:49:1b:02:d5:41:e9:f9:a1:da:
40:75:f1:0a:ab:76:19:79:dd:34:28:6b:4d:d1:44:79:97:a3:
fd:15:1e:12:77:ce:e9:04:12:c3:47:75:5e:73:5d:8b:50:8e:
7b:78:74:a2:10:44:dc:29:ec:bb:09:04:98:dd:9a:98:a1:f8:
fd:c5:5d:41:4c:9e:13:33:09:f7:59:d2:ca:7b:86:8c:0f:f0:
8a:40:fb:6a:7d:c9:5b:18:71:28:15:e9:8a:97:b8:4e:56:a1:
3c:82:69:f2:1e:05:b8:4e:b4:0f:c5:11:b0:d8:cd:e1:07:5e:
39:a1:e4:a0:ad:19:c7:af:3b:a1:3c:01:69:8a:4d:8e:13:22:
53:98:ab:9c:a5:2e:75:1c:97:d9:0c:e7:0b:d4:79:41:2a:2d:
73:97:45:e4:b1:4b:37:54:d7:90:2f:36:f5:49:82:d6:41:e3:
9b:1b:ee:bb:19:f3:a9:5f:74:da:90:0f:ef:c3:89:e7:21:cd:
0a:51:71:aa:77:76:ad:e2:15:f1:ac:cf:68:34:09:d3:00:4c:
bc:c9:58:9f:b5:6c:e6:f9:4a:cc:3b:73:7a:0a:02:8d:da:98:
77:14:34:98:5d:ef:c0:8e:71:bc:b2:dc:56:1f:ec:b0:b0:46:
75:23:7b:00:33:44:f3:85:a7:49:81:47:28:62:76:4d:91:3e:
57:5c:58:31:a2:b1:de:0b:49:fb:92:ad:d1:a7:1d:61:0d:03:
ef:7c:fd:9b:9a:36:ce:b1:1d:37:87:3c:ea:3e:54:37:b5:de:
ea:e6:79:27:aa:4f:2f:94:17:21:09:24:5d:33:c9:ea:2d:e8:
87:f1:6a:d3:d6:fd:85:79:bd:66:25:2b:e6:0d:d6:23:3d:82:
d8:28:4a:31:06:7a:b6:79:3a:2a:d2:a5:00:5b:9a:f3:3f:15:
c4:cc:f5:6f:00:f3:77:b1:c6:31:9b:7d:33:eb:0e:b0:0f:f3:
9d:4e:49:85:1d:90:01:15:fa:3d:08:7d:27:06:ea:92:3e:b0:
c7:93:da:48:70:1a:1f:7e:52:f8:4c:63:c2:d4:82:cc:40:44:
c0:84:38:fc:70:ad:c9:16:41:80:73:8c:8e:6f:dd:e9:48:27:
8c:c1:87:c1:ca:4d:14:66:53:e1:ce:9d:1b:3a:16:14:cd:dd:
ce:12:a9:2a:ba:c9:4c:34:4b:4a:85:1f:9d:d4:6a:70:e9:df:
18:9f:03:d2:bf:73:f3:e0:b3:8f:d2:10:09:97:fd:59:fc:50:
c8:57:a7:77:34:43:82:79:b5:56:f5:33:c2:a0:dd:2e:78:09:
60:ee:0a:92:d3:13:5c:b3:41:79:df:fc:07:09:a5:54:aa:e5:
59:6a:30:d0:f1:ed:bb:f1:5a:52:61:9d:06:36:dc:c8:80:70:
77:45:05:b9:2f:4d:c4:86:fe:d7:51:51:93:88:8b:66:1c:fa:
0d:ce:91:5e:e0:25:3b:6f:89:47:df:52:09:b7:0e:c1:82:90:
96:17:b0:8c:af:d1:2c:00:b0:bb:18:5f:34:56:d5:f6:18:00:
56:4c:09:ab:32:77:e0:35:56:1a:52:99:1a:d9:e1:ce:75:9f:
24:4c:7d:e5:34:4f:52:1c:d4:6b:93:b8:a5:c5:68:97:68:a5:
1d:1f:77:16:2d:4a:29:0d:e5:2b:9a:f9:05:2a:1d:3a:f9:7e:
45:3e:a0:5f:88:d6:8b:bd:47:f3:a7:7b:a1:27:29:1c:3a:26:
41:b8:fe:80:53:6d:29:64:09:1f:6f:e9:ac:ff:70:8f:06:ef:
48:a2:07:1f:8c:d9:86:2c:84:f4:a7:01:66:d1:2f:f2:47:92:
a1:e6:de:a7:28:70:4f:bd:d6:d8:b4:ed:17:ab:4e:18:4f:e2:
4a:62:d0:7f:30:9c:40:2e
-----BEGIN CERTIFICATE-----
MIIg7zCCAimgAwIBAgIUZUd1tFj6suEfFrVfJUm0fyoSYFYwCwYJYIZIAWUDBAMU
MIGiMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96
ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9TTEgtRFNBMRowGAYDVQQLDBFSb290LVNM
SC1EU0Etc2hhMjEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
AQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI2MDQyODA4MTAwNVoXDTI5MDEyMjA4
MTAwNVowgaIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQH
DAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX1NMSC1EU0ExGjAYBgNVBAsMEVJv
b3QtU0xILURTQS1zaGEyMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq
hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wMDALBglghkgBZQMEAxQDIQCm4CSo
ShgQTc3G2iMkZ96WlYEApsrOQ+T9/HsajPrrfqNjMGEwHQYDVR0OBBYEFL2AIzoG
3ThX7mvClHvqv0NXOrCMMB8GA1UdIwQYMBaAFL2AIzoG3ThX7mvClHvqv0NXOrCM
MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMAsGCWCGSAFlAwQDFAOC
HrEAEDxwxfWxTxx3hTS5s1eXYu/nTRdnVmN0AuFQXFvcVpRF1/lrdv374gAWC1oP
hoZ+HgxOf9CVy9SNCVhTTuKfDhEuONzAh+xvJe8bWYGrcWlRLjwv9uvyInNi4aJo
s2fbLgUW+ryutiLLwg/9iB42QycT3mEBDLpa3wppF0XCd7Xfh2KzFm6OV+A7nwKA
XfCSdlFzLnolHIh53Q1VxXOUs3ZSOftYDTT+dDhF/Jk5h8f+Syp8Ua6S7l8oFhME
tfBfk5B00OD0HQava60z/izVmuUQMn8BL36Xxv+2V5dWzFpamnneGbCcC1e7u+WL
kSzNGS18dY5xT8XFiHRcXSeC3JRYfW5xbnjF8w07hZUq2k2vNKk8AojMRR0IDJ0g
OXMGCi26il2pRDIkMrHR/dF/tBBWOhUSpfbBbxbvhF6Gq1ubp7Qh40OGGlD4lbOw
EFYOJrZaRnVR4npadisUTlddiGEnFozgaq2HsRmJgIeqallpGPzjWniD2Fg67I65
KCoi5hOPrd9OTZ6ZazSaxcGBDigaFuVg0X0c11/4Pn0cfC0YXzpc0tIL28RPaVen
bWCVXgT7cTFx0eTu3RA0pZsMeynpS4U6L2SHk5qPBp91isKzpgz/lHrI9OYUMbFv
IK00XD8aZ8cODokAxZ/WVkuNhtxklOB+TYvNQ187RsmS8KQN37mrOKpbO5yv+vvV
9gslljAzKD0/HqYQQ1hTroinW45VZlcuDYipW9NxCiMFR4LK5gzI0fKZn8k3KlmZ
1PClghgLmPDuvg8RbypqFN3EybztgKx8ymXr+q+zKaeywxxCHn0/0xrwGzD1o1OM
E9OWggGoLtKu6vFQF67LpHtVclWLkCjw2VuB9HibsP6gxG7cJfyUZHESv/zNMVAm
LeLvOAUUgrZig6mGy98F7ydqzCyPHF1AE8HjJKZ9PIMaeHl9Y3VPaLmcdbkH7WIW
KSLBzfJSAukXsNBEE5wlx/053+vVMl6/xUeBGINjlolMMQKPxOl/J44BP0ROlrBz
rVanlU2rowPi3DNl0heH6Ae+lRdkPmyHzTrmCrjmi+Lp2WAq79XIL3qN7HAWEKId
EhZBo8EHL5Wx1H+fyhbKch0t3zpvk+uedjQ/3adHEhhb9DQrc0IzFcgZDKgQ1dME
geLRtD9+UzTY2wLWYLQkjChNMVELTsjxTJmYpzarvM6i1mf1smTsDuPzgkbTh84b
qUbT3Bon4l+/VTPK4N4ChCbtV1gn9NY8DafbQC3YyAyER5f7v0mM0hyA/9rWP5MA
d/Mx8MhXRlqaFSULLdEbWuuuCQ4+JOap63K+5EXSQdsh3acbbmI+Q9liNDFidtQu
OUj9VJxRavdxRIjAw5g7ZuGOCp3jaKlq0lKAlz2eFMm8NjNvJJx74YqloRJEv2Gi
O9oYuX+fibsQM49GGJJJXhCBpgsGGRmj6AbI/k6UIN5wNntA7gTK/PqBqoedrfNX
eAw0UfT673hYHukPuXX2pQmgkX+AGYAXS1ypuW22APgXkOG3TyEzZB3R1ah4oJhG
CgoOctwqZ45XRAB2Lnm5Tsd4sqcSF3VEbM6m164lVGxd6z2SdGUm920jGkORrS4g
yPT6E6mX6n6pYZSBp82zYKliTOyLkSGp03w5nz9M+I8WgT8jOiBkehDOgtckKOrg
dGrqYr3jBpAeksr6LSWlcFKPoT+fenrzVU1Lix0eztBhRGjlwmnoFC9ckJZyj345
YcHUPTa/ErTeMT5+9EXZa9icYQb+fUOu48j0Ow16XbY1Rl1bMOmf3klT2KeXYTPs
/t1KicPbqjlLAfggJ6MLEi8D/Y1pX5AqYpeTptQSgO6YR5PZiX1G8y1hjuadfn5C
Bw8+FQibSTaYHB7cV13rqzVLM+sv/aVukkVdId/UdIMCqTy9iO3XBdq1KlbhrnxT
qJ3zJL+CHQkgZrm4S+634JoV45m845OkLpNKwgyLQu4pQvWT6bZzjY0kTHgmt9xk
x5SO8y+BaJGlV+zHs31zAtAgGBZ6O93pZQiEa0AZ9nlxE8qPvoquwqRnrg5bqFUB
OFoOClEEVxJ25s/YVyWnjAPaIhPdkOEnJuDY3JtaazoP4uONVHNuEgJy9CvDm4A/
b/uKnv275NfGFIoZ1p8wvACYQZIrvaWOq5OJnW7UjoIXiKYZK4ukZ+lb7n+75qTX
zYV6wS0Viz1OJXFjXH5yt7znjqit1aQv0lbPsSlJA57Tuc41YI3TUJdfTqxy9LAg
5JF1zCdezq4EdxuEAv4MvKfdYj5V6edbo8gdCDQYU736BQzp/IRzDUufVlLlCehG
QztOWfqEZ9XClD3qy50pMU2RYZDyHylo3DRfE/2x8jhyhfEWHH8F5bgyVz9qaM7l
WBoU5R/ntxwEpuHFhsh442KS/f+b8ehgnEC5HB17Uq3u3voEvwu92TS/70ob8gxy
Qx5VJLFWrgxEme+1++XuxiB8FV9myDLD4DN2ANOwfr4KKHk/mFF4EnOusySlodMc
+Gxa58BHX4alZ9U7IBlJkf3GMgyW6d/q4Y7PSr2fleuILDz2NNqJ9zrRuw+X8DiZ
7Im0s5K/7RN9vBRUFmMB82Dw9sTg2wDcyF8TEYIdBHOk8Y3QjnpNH5wOjdz+fY+X
XqGXwnPnRZQZGZP1T/wli8MaGacdkQq/KHhBBn0J1JXF0o9HBM8/mr5ysIrQKQ2H
uCIRKsbHJ4ESb54YiJyKJQQFZrHvsUxI9/dT7MhyvHAlXhm+PNf2GlJ3BRXbupkq
1r3OoXD8MEDMvU3kNvD8uVQxSNOcuztRCKXosDtbCmmRLPfUUAdMqC97Q4Jk+8PK
SFy59/O81iFDw7UmYQaGI8Z/BdcLweV9X1rDCRp8Bss1+KNwExQ3tpgAiCSwkE/0
mZl11RUje1oJ2zMwi7nasgh86jk8iJaoOdoeIlqzvvdAWHpte4jeTFcw8TilzGrn
s8TvivFNyiy/WwUCMJcQEt0/ir8Khk9XY3m8LCGiwgcmpJbSGtJzhqmvLcqubwfn
JvRHZY4OKY/KzhbNkADwphmkMLjXitreWltUkZrhdWtJ9rhnDQLSxOxn9Q/C3BHF
ZWn1H0RErx+RnCkfi+GOnVyerHL6S8kpmvEe0WRrjiJaNA9TR84L4wdJy4beNewX
5NXfy/TeDOG4k5eInvYNs/r3S6ZS70hhwUPyMvevd6t1wGwIts1jy7Zk6AHt5GI5
NjircE3DpLSSvnng8n1/BlJIvbrCVm2vH4a2euvptPyME4P8JfiTX1LEu0oIWqC/
vSQ3S0Tkp+r6Nkndhhr58CQbq8EejAP4ioaZ/T2dn2galkdzGCI7e8B2Ah1heXOs
+SxFzodTtfVEjXObONm7pBH9+AwWxnRJ8OAYEMbRLCtdxBdyYOB82Uiz6zi6T+mC
whCazb2O6P++8FfY5ZRQFW2HQjKL14oHIo7iMeeVmyJPXQ1RAkke/GZRu4EBlmRj
2FdDZg0fbLSaFrbdCchtDsB5H6ZJyBF50Rg0mk5PHYAeR1t1B6F0+lLSadEk1yrN
csbI7H1ra7b55V6e1CSgAN+ruW1XWJAYrBy9r8GI2JBcgt76S0BRAW1FwoMYozjK
5l3AWt25aA4Nw8L4aozuqG8ZwtZ41lczevvGCttHqlWJR6Ygbwt4hGkg2rVsG9Ms
19uUOOB152yPTfXlQhbGkZNqQTmld5ICSWMPdMOyVT+xM+V72f9ZrqFuHAa/dpjc
rpQ5ST9d1rD6Bj4pjkBiuLfcIhFQSBlBN8XkNLglYJjtuUpoR6nmLdfl7zXnb6if
pbIPDZj6nv/7xVeDaZiwNwb7TA0XreloK8NCHPYMrH/KG7qpkLj24aIqRY31quWL
Shb2Djo47iXZX7b4/Huoxojj6vAfobDnRuSwWQiVAiUMaoo9Vj3JqBLdR7QtWvau
Q8w+TH9Oq7F4Klltb8qTIeT2rZGmHdqpFo/mGtLJIhNij74olr0jWTiRdbWEvK65
XwdK3f2o/OZtDQTidv4wC+mbYByYv5KAV0W6U9Jh91BR0q2cAzmWOe5FZASzygK/
7DvRq+yNl5rsGqximYX2FcfZsCv03FX0Gax+Nllw7ox5mIlhhiW9szieSe2KzmEd
0ROZlnSeT0N4wMmi82KS+KprypF+KdGAJ2Ro4Q+b/P5kmQ/WjtN42Or95QpVNIvx
tNkbpbsw+Rr0GTw9r6xfzpsnCBhSb7CqAg1GhHOS8QsWEpvPvPOXvMKcGFfMVWMh
3vcywT77iN73rvAREFtfBN+dPRkvictytFvySYF2wlfs2UT/uI0Zai2/MUc04LED
MiYV5NdEQdFe+briX1BFRAhEf5sJ9Df/i9nWVWbQYLKLlDSNl91zLwIivpq901eM
w8bh4Rlk8W0+QSBvTke7KUG9qYyrAUHqKlHH8p/sypsevuf5Ol5m+N0wPN09U2Ee
rZMxAcTEsyyxFKNooqJq+WDnYxnkiRmJHa3ehV1DTFdhF7R9+RiTk8aIQAo9fqTp
q/1WwCtfNWgm1OLI93UIHBFPoGSoFS3y6VgKMezL+Lo7haqVk15HBSfEMm1WcW84
jduTmVc1zyWDmXfTfpPNoASu5ekg52Ox7WmMRj0c9oS/Z6VxYNXsn1vZEhKeCrKF
QJQ0mnRrJR47AyssVX9RSmqTB93m1In7GpUdzbvRYUdtjAlWRLNSycrfoSdFd6Hj
MezatK0VIKz3zIgatoT1IclP95S70hzSGUBSXS+fRNNkjIjTCJP/XtGZY2BAcwi7
ID3RJqgwSEQt02Xmr+si7HxvlxZpWDvi7+ne3pAQB/S9aqflguki1Q7JMuqsMGnG
lptRa5NlZ+WELzYcGdi+Jvp5BeDtNP0spMBEf83HUeWpgaeQl0YaeAAWZCzZ1IW2
YRqH3pb1DPPMc9QNXo9ksKCXyRIMLvo6oQccvCkM4IK3Ow1rFIA6EabU9DakltmJ
+IFhd3kCb15kKtfy+ibWC7/MY17/r3vE70hd78dEu0a+yz/EPpzymJ7seyBKVKDN
LTrPoC1K2yuXUIKSaE7w8XOwuG9i1peVFXUDQVrW8vij6/ZISURJk55sLOGh1eb9
8tXZ7vCG7wFJZdb9rp06ph0as5sJiknL/7nStxZ+9TYFxAnBsUmXDY8iyYyeu+rO
+aVXR94Eer3ktqALvNHaoSDhXMR6E/p8w92jskiYKYN1wW34G3V89JGuZtm/ST5M
hQHf14ocRJzQ0U9/wg99+OARS7awTm8a8ftT+ELIVBVrKamxHPP07VIuZulJGtBS
Zm76jf8vHtNAxyW3aR3UqU3ughQyDoLtlLYCsADRsyDy657bD8lPPeyybr1B0pOH
H/uMuA7javQ33U+gJOYiPceiRga8XiV0qq783pTZXW8bD+OZRgZMIP9Z0e91dofI
mn2XZ20G2CCDhB3EckOO4u462SFZY8mgVtFC9DT+7aykCigKwKAyD/FNNrAnnKWI
b7JlqUPSCQzOBrcb5ETQ48/aLxHfz4M6jgR+XzGQwR4cscpMIU1qesXgF2HuxWHd
DUFxlndtpEOhaWAiVuqxiLFxU3lEJfJCybNI92yaar7xyog+FLlpnlcL9rYbyYhw
fKiA1jSfY1lIhky868tJH632E7DewQ+PqAzzzvRWtTwdgt+amEtfkR9W8623RZKf
RNFbY9oalszbn0hkCBkpP6QnbO0gSQfdsHKe/Vk3c2kHHCTERl1Y0Q/kBQgJYLKL
36KlB5nJT8vz0ti/twpuzXNDpaBGGvjBiAHifMGnNq3z0SjlTLdbowhwDjrZ085V
Dy/4CHo8eAzAyh2PNTRtjxA7Pq0/LVWe0KrnQznAZEtV+WKh9B2QSj4GHQuOEhhu
KDCSiICZa7ui8it5Gk9T5U0QvTuBnRycBqGk32HsWgWCOJGEZfZ0g5oo6yOSH+93
dzCYxJBF106A++dQUgwDEA2z5AogbIX9KraH4n1psHastiP/CW6rfpg+cna/oeJ3
Mi5RhdvP2FCz4sZ8db9nOnbA1XgrHsjuYzEgejPJkN+Olde+BDKTvWBGLRhSDeCZ
H9oe0a7x6qh6kIB+EIlRxaJVOLhZEpKfk4fjD7sCKe11j4oXjYGRZXioHZ0tHg+b
U9QTjVWS64pFGfZrRANHnDsYG9PxoT3EZrAW1mAms42JUicpTj64UP1kIPwCWOKD
bxU15KbI1izjzuKd0VOm2VeQYySrGNhuY5Ca65uAwpiKmr8gkrM2oAT6iC3WDz+c
T00hlsdNLsA08EDQ9/PqxVfNP+x0c175sH5x83xuajyhIrD0QNhiCKOXjBRm/7uD
qyYkAZ+1Aw6AXunp8RSEl034BtuYLYyT4q9FRHrVYbvW8cReOGI+Gx3WaUJJZqCD
2iNdQrnHoAda7+eynE2DY2yJYcfWKU12besmbSXJ/F0tWIgXXqVLfwtux334alBT
x4A1mHYxzfAvbPl5k8S7mwGJAN8PVcVnGVCyMcpo+DD2Cogt6FUNr81bzfk6vDyH
8TK18wGpCUTqVCsYMwXTxrhW41pwOEyYX+4XaxItAPrBM0hzfClRmkTHdLZjL7T4
hzzkREtdD+yx7FayI9rUH7epE9kds9YZ1iP8cpoV1mzfZnFVpomb7e8l7vsrs1hZ
0EKr2peI3swGqrKF1fCihw7LWHwUndGO0CGbgGeuc0w0/UI2cdylVU15GdxM8r12
JePwiGJPeUvgLzDPQEJLVByFIxFmPyNq3FTzW82ctojkcYdcL36FVVucIzoAH1fa
tjMGjc4HibktfQs1jYqLZs1ZFlXbsLQtPVMyA5CYVaT5jfOEtBYGQj7Kce/bx1ky
+uPsO/vJg4OQUpkGwbQ96vmD+qjZwwmLFdOFBqHlJpNNI6rNSz5fZI8vcX7I04x4
73k+q0zadyMu/1Y1jSd9fn7fAxrJwq/0Ykn3NRxqmxn5CuIXNrZv1u625xLjwVQX
Imoobc2c4O+3HJnhlFOPxVVlsvBND8fv0Aq0n8LJna8mLphezVl5gBooJ2j7IvMU
cWB5oF+SdVk2WP2AIAfpjzRcOFN7StFYd68bCg9wP9u4WDcB5u+NPOXHcca9GgsS
M1+dBzZNfQIHhWCDb/zgr5/FIkvNidwvs1Phf7llr1lXVIcy8tYViOIrpyCFQibZ
Ce6HYAy/o2rl5dtvLAV+iO6qmNdtDjyfbChwAhp4ti4sKZ7Z+h6ACqPm3EYAFefA
EzZCnPAa+px90M0vzt2VVPux+rs/gyb3VEJdYHrRvbIXmuACp5rYQPQsecBOTqRo
qjPJHyrz/ZtQOTe5Hlkse8+XVyOBtwd2jrH1FdxUxfn5xhO3Ny0SRMZ4HpIf7YWP
FHqf0B8CivFejQUoEyzPH0GddOyYllFXp8AQmr4xfXGnwjjNznRg5EXvsGCHetrp
BTgGGf5g28YtpCX3XdGxPRILoPs8gLD1AEg0i+Sk8c/+vqI4Q0QgI16JyJEY+16q
kBEHeuitYQMXaqWmqeLEjPBe1yX8Q5PbR0TBJSY4ehcIJDbTJZXrwxfKtdd5c2JI
1tCv56Bhg116J+m5ftIlF4XCKFuf5wFn92mD6+zNjivu8UwXpT4FLMHrt2TY+js7
xORTGP3Y2hr0x8JHkJGrPSsSHZ5+WH7LY5z/KL+gw6YHUlia3ixMY155iyHLz1sI
fW5EVTJcN3FGAsEo6F/BNMq5JQrIiKi8Ex8dw2/NPvmVrUV7+QMFuPjIifqgeiu3
FbrSCjk5yQ4NW/kRsp4RmJC9JZ2i8sjBO3CjcbmcRiSxABtUPLoRonPUv4UIV48F
b58jEv8Gc9VtE3wbUMTfjoqK+PRcYcFR6NOCe+9giVZM+uG1UEcjZn6vr6efCh9V
Ldmtj5IB1BDIAGMObpUb6unTOKx8NNGNYea+xZg9ns9wKFxPgERNBp0e4EtMkXZ+
2P9fWq62iPYle5aATFk/kSlPRMEBI5yMUfH6aeCxKiDIkxT0mWGnTpvujQJa4inX
9Z/vlFlMVcYPHLicqba/zcQw5eWETtMTr26PjazUZMAhXVfnnXPGkGO3Ij6mpkfT
vrSj/8bDDivwRe5QUJiyjvK8BdAktUCyUrS/12KKoqjTbD6tEkarW8fhMpkhfMsJ
Ny6PC4VBX0WPF8pmanOXczw9jdyfUd1ZFQ9oS6JCTphtHHSbXbRl7SIXpHOyEZP0
0rWqkwDFiEKGtRw//J/3+S+pKaVm4uWOKe/V2N2TYiYIevZibBccsNYZsTmMxFSl
7zS2FVP9iIDrSFANdI40BGTx2hNP32N7wxm+xB/yEyXLczeYk0+N7ZeI7r45nwO9
Kk8IHWMZ3SAGbEyWp2aCf3ViGVuHzXbjuRB2q7S9VMo+EBWkNkKT6Vb6GVnjkFWt
97IHzZmbfAUBqdH86+bV3gE5rA2+x9v7sFQISCb5VNwVhaJvMxBg7A04rRXkFIM9
Zd8LrgHwFZrKvE/JwFefmrkiU1azTINQ9lsTaJRuEny/niJtwxf08KVztQPvuK8O
IMnfLTnmQziEMGuhNgq/CUFnGIWOdwSjvtSfNnVC5YTqdfoLAUowSJyzR508SEF0
dhQw3GYe/XxYL2PldCrFoiZl/sITew2D95Q9LfiDB6rdd3Im/nAp1R6DIboO3hC6
TM0ZiLKaRPiG2PpKEjt/Aq6vaHqHi49j5Zra5HedQFAnf7B6rFyqtDOK3P4XdD4d
XVwKVwZyrKztLYEJs25xJTsDKWe1gb2zPzZC86+s21j+AEK0KIkadvsRijLJZQP3
72rmV0jpudKQQprM//H7Bq2+/07CZJM5SEpX5gaYFJ8MYRnB8NTIPR9spcIoZiWq
ep/9CPbsweX44jcX9Wuuqvek2idZJQ5DTFNiO2JqXm2dyQEC83lHDi3qYomlV23e
GLKiE9I0JyhPSqXX8+4WoF53+S5sIoFErgNk4Z+411WSdfZm6i5FMRaqMnc/jg63
StlSrQUo0ViK1HmwuikVM1uZWdJwlftsCl0YSparFJbIAJxc4fL27IXkPjk5t0Q9
mma92TJIyFwM0Ey5LQFJHev9QTJnI4cQMRcg3/E/d+242VLcPREV3QSTiPJlMm17
wNjfOhlhm3/lorHgb2o99YIIoQ4mQuKRn8KifrpmiaeVJsWamnsux89OcAcr9vBW
YPRWunMY5riFljWy1D0+Y8q+CFTzfAPpb5gX9QNm2ty8SqiX1P90ibodIpFYUIdD
xh/vD8uc2g74ax6rhBfwVhfdShliT9ZW7ye6gf/7XsZNoSADpEsw0Qk3iuM0yy5d
nm+ku5wNfLBAZiN9rNy5fGj02/eSxtvc3Hdc19NXpxNgo+2HFdr+pfAuRpStknVh
8qgIeYOv6vV6TQIq8jnWh+9PF0kGhlpUnUgOq3u29+tohYMBUtWoMv4xwEUR4tzW
mdYnkLVBSLA52p4O0m1Iu8QKFVOLFneauWK5GNvqJRePxBjNHJMzDpvg79oi2FUX
LZDxXjWgJOs71FBF2TU7C8PUbmeykg7mpxQcCeTQlNgFtOSdIF/xvsolADR2NeQ6
GQXslIufz8Eaib2LG41ohSyq0JU717VHOQN7czgWjSFoGth3SRsC1UHp+aHaQHXx
Cqt2GXndNChrTdFEeZej/RUeEnfO6QQSw0d1XnNdi1COe3h0ohBE3CnsuwkEmN2a
mKH4/cVdQUyeEzMJ91nSynuGjA/wikD7an3JWxhxKBXpipe4TlahPIJp8h4FuE60
D8URsNjN4QdeOaHkoK0Zx687oTwBaYpNjhMiU5irnKUudRyX2QznC9R5QSotc5dF
5LFLN1TXkC829UmC1kHjmxvuuxnzqV902pAP78OJ5yHNClFxqnd2reIV8azPaDQJ
0wBMvMlYn7Vs5vlKzDtzegoCjdqYdxQ0mF3vwI5xvLLcVh/ssLBGdSN7ADNE84Wn
SYFHKGJ2TZE+V1xYMaKx3gtJ+5Kt0acdYQ0D73z9m5o2zrEdN4c86j5UN7Xe6uZ5
J6pPL5QXIQkkXTPJ6i3oh/Fq09b9hXm9ZiUr5g3WIz2C2ChKMQZ6tnk6KtKlAFua
8z8VxMz1bwDzd7HGMZt9M+sOsA/znU5JhR2QARX6PQh9Jwbqkj6wx5PaSHAaH35S
+ExjwtSCzEBEwIQ4/HCtyRZBgHOMjm/d6UgnjMGHwcpNFGZT4c6dGzoWFM3dzhKp
KrrJTDRLSoUfndRqcOnfGJ8D0r9z8+Czj9IQCZf9WfxQyFendzRDgnm1VvUzwqDd
LngJYO4KktMTXLNBed/8BwmlVKrlWWow0PHtu/FaUmGdBjbcyIBwd0UFuS9NxIb+
11FRk4iLZhz6Dc6RXuAlO2+JR99SCbcOwYKQlhewjK/RLACwuxhfNFbV9hgAVkwJ
qzJ34DVWGlKZGtnhznWfJEx95TRPUhzUa5O4pcVol2ilHR93Fi1KKQ3lK5r5BSod
Ovl+RT6gX4jWi71H86d7oScpHDomQbj+gFNtKWQJH2/prP9wjwbvSKIHH4zZhiyE
9KcBZtEv8keSoebepyhwT73W2LTtF6tOGE/iSmLQfzCcQC4=
-----END CERTIFICATE-----
Binary file not shown.
@@ -0,0 +1,4 @@
-----BEGIN PRIVATE KEY-----
MFICAQAwCwYJYIZIAWUDBAMaBEAnqyIgk6VNnF0xM5x6Vbnp9D23c/kPGQeocOR8
HctLAiqMjF2YEIFMAUeaq+RxTydF4qwQjpWAlJQwoaItuSqz
-----END PRIVATE KEY-----
Binary file not shown.
+644
View File
@@ -0,0 +1,644 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:b9:a5:11:e8:b5:2e:6d:06:db:c8:39:df:1a:50:04:21:1e:f9:44
Signature Algorithm: SLH-DSA-SHAKE-128s
Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_SLH-DSA, OU=Root-SLH-DSA-shake, CN=www.wolfssl.com, emailAddress=info@wolfssl.com
Validity
Not Before: Apr 28 08:10:04 2026 GMT
Not After : Jan 22 08:10:04 2029 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_SLH-DSA, OU=Root-SLH-DSA-shake, CN=www.wolfssl.com, emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: SLH-DSA-SHAKE-128s
SLH-DSA-SHAKE-128s Public-Key:
pub:
2a:8c:8c:5d:98:10:81:4c:01:47:9a:ab:e4:71:4f:
27:45:e2:ac:10:8e:95:80:94:94:30:a1:a2:2d:b9:
2a:b3
X509v3 extensions:
X509v3 Subject Key Identifier:
62:90:90:E5:3A:74:18:1B:FB:68:40:07:A5:83:9D:70:2E:7E:C9:F0
X509v3 Authority Key Identifier:
62:90:90:E5:3A:74:18:1B:FB:68:40:07:A5:83:9D:70:2E:7E:C9:F0
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: SLH-DSA-SHAKE-128s
Signature Value:
f3:00:21:12:66:43:0d:fb:2c:be:12:be:ed:07:4f:ae:78:1b:
4c:cf:e2:e8:85:cb:e4:68:f0:6e:6e:63:78:e1:10:0c:3c:7d:
0f:57:03:dc:ac:73:81:7c:c9:5e:77:e2:d0:77:0a:b1:7e:03:
cc:3b:f6:a4:19:e4:e1:dd:89:d5:dd:cf:0b:c2:17:a0:fd:fd:
08:d8:d3:c8:12:1c:a8:de:bb:a0:a7:ba:81:bb:c9:b0:bd:09:
fd:05:cf:f8:89:5c:38:d7:0f:a6:8f:85:98:cd:3e:a3:c1:9a:
e9:4c:6b:bb:0e:25:fc:3d:83:19:53:8a:38:ff:e8:1b:da:cb:
35:24:3e:1c:de:8c:9d:83:f7:2a:9e:52:4b:1b:0a:14:e6:b4:
1f:5b:de:0d:3f:68:8c:ab:e9:da:d8:61:37:c2:c0:e3:28:b2:
df:41:0e:d2:90:30:e2:f6:a4:18:a1:1f:43:c4:30:a3:68:9d:
c1:d6:81:d1:2a:2e:a6:6a:7d:c7:a3:6b:4f:f1:6e:67:5d:b0:
08:4b:9f:0f:c1:98:4f:5e:13:80:44:d7:c0:d7:32:d6:af:42:
a1:cb:c0:86:f3:d3:db:17:89:ed:f1:bd:af:f3:eb:76:f1:2a:
9c:0c:d9:c9:86:8b:46:f8:0a:cf:5f:e7:fb:50:a1:69:e5:5e:
a5:78:81:63:5a:9c:2d:a4:b2:2b:d6:fa:c1:f9:7e:7a:01:39:
b1:0f:17:b2:e6:74:b0:01:59:59:14:f6:49:6b:f9:63:4a:84:
32:83:80:2c:cf:8e:4e:0b:f6:ff:41:47:6b:c2:f7:54:cf:44:
09:0e:12:cd:8e:8f:f0:58:04:80:20:a8:70:db:a6:a8:8c:ba:
3d:97:06:d2:0f:3d:cf:c5:39:80:5b:8a:f7:22:67:df:92:62:
86:3f:e5:8f:fe:0f:f2:e9:8f:6c:ea:7b:ef:2d:c1:db:9c:6b:
c5:93:e6:33:70:59:9b:57:3e:3e:b4:0f:1d:97:b2:25:07:5b:
10:05:60:d4:02:4f:cb:5d:ce:69:51:69:86:2e:74:82:c3:02:
9d:1c:77:28:1d:b5:d4:a3:18:c6:9c:59:d4:a8:1d:0e:38:9f:
aa:13:10:c3:c2:39:d1:e2:c6:b7:f8:e3:c3:68:9e:3b:8a:91:
41:d0:93:4f:63:06:cf:d7:e2:58:15:19:a3:ca:14:0b:d5:9f:
81:2e:d8:35:29:ca:5e:73:75:e1:bb:30:d5:89:5f:fc:b3:b5:
de:5a:86:3e:1f:c0:65:f9:ae:73:ce:ef:7a:c0:68:65:91:5f:
20:22:d8:91:cf:b8:ae:ad:73:bf:df:71:da:9a:fe:28:94:26:
3e:8e:e8:50:4a:86:9a:0c:07:fb:f7:9f:29:c5:06:4b:3e:d1:
0b:0e:8f:a4:f2:c0:db:dc:d5:b7:9e:9f:0f:53:0e:fe:74:13:
e3:91:a5:a4:40:eb:4c:43:73:eb:b7:99:4f:de:a1:f2:29:bc:
9f:1e:d9:f3:dd:a7:60:65:7e:c6:74:27:6e:fb:a9:62:fc:c9:
87:aa:b3:97:b6:ad:22:4d:d3:58:13:a4:b7:2c:60:fa:f1:d0:
d9:4b:43:d0:53:34:61:5c:1d:48:5a:e4:11:2a:1c:43:4e:45:
3a:7e:6e:c7:05:0f:7d:d8:f3:1f:e2:99:f9:45:df:e9:59:b6:
65:aa:41:78:3a:1f:68:bc:de:3c:2d:c3:1a:1a:72:7d:3f:b4:
24:94:8e:90:f9:a7:2f:e2:86:87:77:88:8f:7b:98:82:1c:03:
99:9d:c7:e8:ad:62:49:e0:e5:51:50:95:67:d7:aa:3b:67:c4:
54:7c:6c:f1:fe:d5:4d:17:7d:8c:99:b4:49:4a:57:dd:9b:fd:
46:1c:33:a1:8f:3f:42:be:56:a7:06:00:be:88:1d:01:38:c5:
28:a8:b4:83:4a:b9:84:7d:cd:3a:7b:6d:78:2e:7f:9c:e4:46:
ca:18:9f:aa:d2:fe:24:76:e5:b3:a6:3c:de:af:b8:a2:ae:70:
b7:2e:76:13:29:1e:6b:7c:eb:54:d8:2c:45:77:e5:c6:a2:29:
a6:b2:8d:54:e2:60:f8:34:21:5b:ec:b1:98:49:fb:1a:0e:cd:
54:63:cb:e3:0c:fc:38:11:6a:e5:4a:57:6a:95:de:3b:70:c2:
a5:05:d0:10:1c:eb:c5:39:4a:b0:e2:81:82:41:9f:0b:be:8d:
83:fa:1c:9c:81:e6:bc:86:d1:28:69:5d:cc:67:5a:43:84:2e:
9d:6f:cd:af:f0:79:25:63:73:0a:8f:1d:14:9d:cc:e5:65:e9:
bf:09:d9:fe:d3:dc:5a:ab:db:0e:02:1d:f8:cf:51:be:70:32:
f1:1e:c9:19:cb:52:cd:cb:60:cb:e1:3d:81:8d:b0:f5:f2:bc:
21:c3:b2:71:7b:4c:41:37:be:43:a8:e3:da:87:5f:8f:b9:23:
a3:8c:68:d7:90:8e:ba:cd:05:72:1c:36:82:7b:c5:54:29:b0:
41:d1:a4:e0:f8:c8:3c:c5:f7:26:51:27:c2:87:71:1a:0e:86:
54:2f:48:cf:e1:f8:ab:f1:9f:74:36:be:d1:45:21:13:13:4e:
d5:c8:98:f7:51:0c:b0:41:25:e4:cc:04:12:7d:03:11:45:37:
f9:12:51:a3:a6:f8:25:d8:e7:19:b2:e5:20:37:71:e3:95:7d:
1e:b5:6e:b8:e8:8b:05:42:f7:d4:97:57:e2:3d:c6:8e:8c:a9:
86:8f:57:c0:da:41:89:8d:07:8c:b3:ce:d7:39:93:b5:6e:e0:
fb:59:af:76:88:6f:84:5f:4e:54:6b:42:de:95:4f:17:26:5c:
48:bf:ec:65:dd:73:8c:96:c5:5d:1a:5a:79:fa:67:08:05:c9:
72:2f:1b:1c:37:de:1a:a2:17:eb:d1:61:67:29:56:00:b0:3f:
9c:d7:bc:ea:de:31:ed:2c:09:4b:4a:a6:c5:52:43:d5:38:6f:
82:b4:b9:c9:9d:3b:1a:60:91:8c:b0:93:c2:91:a8:f1:9c:10:
f3:a3:9e:53:6b:e7:fd:84:83:ec:23:f9:5d:05:5d:bb:c2:16:
51:ae:aa:f4:2a:53:3c:8c:5d:5e:f7:cd:d7:64:c3:a9:ce:f9:
7b:31:f5:c4:fb:68:e3:97:4c:08:bf:64:7c:58:6d:4b:11:75:
6f:a8:13:4e:24:76:63:47:ef:e9:ff:bd:0c:7c:cc:f8:5e:91:
e9:25:b6:9e:b7:42:97:a2:4d:c9:4b:f8:82:10:ea:45:a1:81:
5d:b7:0f:ed:e0:e0:27:d4:88:c9:6e:3f:47:b8:1d:d7:66:51:
dc:0f:4b:cc:cb:fb:a8:f3:85:43:60:71:aa:66:cb:66:54:3a:
63:bf:ac:e1:aa:c9:06:e1:4b:26:f7:df:75:a8:bf:45:70:bd:
18:d8:91:58:bb:8a:51:0e:79:58:01:3d:45:05:5e:9d:02:b4:
7d:06:48:0d:59:4c:fa:4a:ee:fe:72:5a:03:ad:5c:eb:e5:44:
04:b4:20:90:5a:79:1c:2f:62:d5:49:89:59:16:c2:75:07:35:
2c:da:f0:99:3d:5b:49:b3:be:ab:1f:2a:00:cd:18:47:3a:20:
8f:e5:ee:d4:b9:e5:9b:af:ef:36:bb:42:f7:80:02:97:e1:e3:
4a:52:e9:95:e4:15:eb:40:cb:c1:a0:11:17:a7:88:98:eb:34:
b3:be:56:d0:ae:2d:9c:fe:38:eb:51:8c:fb:17:74:66:b7:f5:
57:b7:ef:c8:e5:a8:9f:4a:87:df:30:8c:f3:f1:f4:33:bb:fb:
62:76:36:68:f8:50:ba:8c:b2:eb:cd:5c:8e:0a:03:d5:4f:fa:
81:6b:64:e5:5b:a1:f1:27:98:26:08:69:dd:21:70:9d:fa:24:
1f:51:a5:b5:a2:48:1f:fe:fb:ce:82:93:c9:73:cc:c3:5b:30:
62:b7:e8:8c:82:26:57:e0:29:a7:97:c1:98:c5:99:84:f5:4a:
99:d3:23:1d:a7:91:1a:ce:71:e1:fd:be:59:0e:da:a9:82:23:
1d:4b:49:5f:05:7c:20:bc:ff:31:f2:c6:3b:7e:c7:39:74:37:
33:db:f0:7a:bd:06:c5:6b:71:01:57:36:14:dd:8a:57:a8:6e:
f5:42:5f:1d:87:88:bd:70:6e:6f:94:bb:82:44:a8:b7:a4:f8:
c3:59:25:76:b6:8a:e3:2a:15:a2:22:33:90:ba:b8:9b:78:5d:
f3:bf:26:b7:a0:47:13:31:b6:00:e1:19:b0:53:25:f8:28:c7:
60:62:b9:2d:b1:97:ae:1a:9d:41:b7:66:e2:d0:09:11:63:ea:
03:27:1b:dd:c7:d6:20:8a:c3:a8:27:dd:b3:59:d0:0e:9e:f7:
af:be:7e:30:53:51:a9:79:53:40:31:ac:5d:20:45:0b:62:96:
98:1a:ed:57:2b:3b:65:7a:49:85:6f:15:6c:a5:4b:53:f5:45:
8f:a6:46:d3:8d:93:af:d3:20:be:c9:b9:fa:db:47:48:07:14:
cc:a7:1d:7e:65:66:44:f7:42:ce:40:ef:03:1a:96:bd:be:e1:
c5:33:8e:ec:72:1a:ca:b5:64:e5:98:29:68:29:27:a9:b7:75:
84:a1:d0:c6:3b:63:18:fa:77:c0:31:00:9c:8f:64:6a:34:54:
d3:5a:43:53:d0:35:f5:e2:11:cf:9d:4e:b2:33:01:1c:49:73:
56:af:ae:ab:04:72:e7:d9:cc:8c:7f:1d:23:0e:7d:1d:46:2f:
a7:a5:59:d5:a0:8c:31:5b:08:cd:3a:8c:b4:8d:68:db:a6:94:
08:49:02:16:55:e3:3d:49:c9:35:f6:eb:e0:5f:e7:bf:b6:67:
7d:f5:30:57:60:d6:f0:1e:eb:0d:03:44:9c:cb:3d:da:a1:ff:
c4:ee:0b:f2:7f:8f:4d:8a:f2:47:13:55:2c:c5:aa:cd:d9:0f:
c7:ba:61:f3:6c:e3:f8:35:1a:1f:69:c6:21:94:fa:5b:92:2d:
76:f1:78:16:e9:31:fd:fc:77:b3:57:f5:a6:8c:8d:1c:55:9e:
c6:4e:88:d8:57:4b:e8:37:da:a8:72:95:25:63:46:4f:73:be:
60:ff:58:10:36:ed:98:fb:63:07:e1:19:88:f4:73:a3:b3:48:
bd:78:22:85:f7:96:b0:63:9f:63:89:46:35:5a:b6:18:61:d8:
67:8d:ba:b3:7e:83:7b:b8:7f:94:fb:93:c5:34:b7:33:d8:5d:
d7:fa:d6:8e:4a:6c:54:3c:29:e5:88:36:8c:96:1d:3b:ac:08:
6c:b2:05:d7:71:12:39:eb:90:46:18:fe:a0:46:97:a3:00:fb:
43:8e:b4:50:1a:b5:f3:e2:72:24:fe:45:3a:ba:71:23:c6:8b:
5b:9b:7e:17:fc:52:3c:34:e7:16:f7:07:6c:98:1b:11:c5:8b:
39:2b:97:59:89:4b:2d:7b:27:54:41:eb:bc:20:02:50:70:bb:
6c:c9:34:68:d6:67:07:39:5e:4e:50:df:8b:f5:b0:ca:be:42:
da:34:64:48:f2:cc:98:92:f0:66:3f:d0:6e:87:4f:5c:ef:fd:
f5:91:b3:52:39:48:70:d0:99:a3:0f:67:d9:fd:9a:6a:f3:5c:
dc:44:e0:a4:f8:5c:c3:cc:85:64:7c:ac:6c:17:7f:23:3c:7e:
b2:10:86:c5:57:94:26:0b:6a:aa:f9:34:d7:5a:41:80:85:eb:
fc:a9:fd:14:94:ed:c9:48:e4:dd:38:a0:21:27:12:c8:44:fb:
43:fe:1a:4a:ab:13:22:b6:9c:17:c9:7f:99:9c:22:fa:59:57:
35:a5:6a:f7:90:67:58:65:b2:7c:6a:5e:43:2f:4f:1a:f6:b1:
6c:33:4f:84:83:ef:f9:cc:5c:0a:9a:2e:11:25:e0:77:8c:d3:
0b:90:15:d1:ff:7d:4b:d2:a6:a9:ba:a4:bf:08:a3:65:ff:b2:
15:d3:b4:e9:86:74:ce:5e:86:c0:f2:0c:d0:09:27:47:48:aa:
89:88:e7:ca:47:13:4f:f3:b8:d7:e4:aa:af:27:73:93:90:6e:
46:fb:9b:b4:3f:2a:d7:bc:fe:1b:9e:32:09:b5:d4:ac:39:20:
ab:52:ab:42:d2:7a:89:83:d9:f0:4f:8b:8b:ad:e7:7d:51:82:
c3:9a:98:56:7e:0e:51:a9:13:35:a5:7c:36:86:36:e4:8e:e9:
d7:84:d1:82:9c:cd:ad:99:8b:11:f7:a7:66:fe:36:47:56:46:
67:af:59:76:f7:9d:f9:3a:f9:3f:10:22:27:4a:6c:cb:32:2b:
59:13:f4:a0:fd:d6:3b:6c:60:91:bd:aa:f3:a5:31:8d:ee:1a:
38:90:19:3e:a3:8d:e2:10:0e:b3:a3:da:7f:75:e2:79:bf:36:
86:16:7c:bc:94:b2:78:57:c5:45:02:6e:99:ad:cf:2d:21:c4:
6c:59:b2:b2:94:7a:e8:46:2c:12:61:99:74:2e:87:3e:fd:25:
62:58:89:20:35:a5:83:3d:d1:d5:5c:e2:17:58:73:9c:f0:a9:
90:13:ef:a0:b0:38:08:a8:46:f9:07:f1:be:31:9c:ec:ac:65:
82:a1:ee:fd:39:5d:7b:6d:53:2c:a6:23:48:59:2b:13:63:16:
93:69:46:42:4f:98:c8:70:dc:10:a7:fe:8a:28:91:6f:26:cb:
a8:e5:26:37:75:cc:a4:cd:88:49:4f:10:0d:c2:46:44:68:7a:
58:82:b4:15:78:47:f3:1a:76:af:cd:84:fe:e0:d6:93:1e:f9:
21:1b:d4:a2:13:29:3c:1a:bd:2a:fe:d4:cd:65:e6:14:e1:31:
82:14:bd:9e:09:e2:be:b9:80:8f:11:11:95:72:d9:a4:0d:c4:
6e:24:31:9e:e9:cf:9e:a0:e2:fa:7d:4b:b0:03:25:b2:90:e6:
7e:08:39:37:17:38:a0:93:f2:8c:ff:8c:ee:68:0e:11:74:ef:
b5:b7:47:21:32:82:9b:24:47:e0:88:bf:15:61:e2:3e:55:a6:
87:d6:f0:ba:f7:99:75:4d:7e:2e:76:06:8c:fc:9e:f8:bb:3b:
e5:74:70:e1:30:0e:06:ad:01:a4:6d:45:c6:f4:55:47:28:45:
cd:7a:8f:29:77:28:9a:a3:bd:ca:2d:b4:ff:53:10:a1:c6:b7:
51:59:0b:04:ff:ba:72:6d:5f:43:4e:df:36:ed:ab:d9:d6:49:
bc:8c:8e:be:53:84:2e:e3:00:a3:eb:33:49:23:ad:ae:98:7d:
a5:b0:49:29:d4:d1:5e:5a:11:5e:01:f4:f4:13:31:5c:d3:d6:
b7:08:da:25:87:7d:b5:73:12:74:06:0d:97:52:7f:60:08:42:
2a:af:14:f5:30:89:ac:f3:32:21:2c:e8:16:fc:45:13:89:28:
6e:4a:95:87:fc:30:36:55:7e:65:01:4f:55:52:39:39:25:40:
21:4c:30:dc:d9:6c:5f:58:fe:57:2b:83:d9:a0:db:4f:b3:4e:
02:48:8e:b7:70:9f:eb:0a:98:61:92:72:84:3e:53:7c:c6:f3:
3e:3f:70:3c:c2:ff:98:4c:1b:a6:71:c1:15:f8:e5:03:4f:53:
62:fe:ec:d9:2d:8c:83:e0:a3:42:7d:d9:16:51:04:2d:42:48:
11:4a:62:31:06:d4:02:5d:93:31:21:aa:47:da:c9:c6:49:be:
e4:71:4e:57:36:46:94:bf:fb:e3:88:3b:59:77:6d:13:cf:34:
62:34:ba:46:83:64:1e:22:10:74:18:a5:b2:d2:83:11:3a:ad:
b8:72:93:48:c4:6a:1d:b5:c2:d9:dd:2d:4f:bf:eb:e6:3f:9f:
e1:85:9b:f1:2e:03:5e:b0:f5:dd:8b:33:d6:7c:5e:e4:34:eb:
bd:62:dc:80:03:cf:cd:ed:ef:29:4e:ed:e6:e0:ef:d4:1e:6b:
d4:a1:bd:b1:23:73:71:f7:ac:7d:c3:eb:e6:37:ab:8d:46:e1:
24:93:92:b0:8d:f0:84:bb:f7:f6:51:19:52:76:94:ce:b5:f4:
3e:5e:0a:8e:e3:9d:14:43:31:4f:14:91:12:9b:81:7d:51:fe:
22:93:28:e8:e1:d7:8b:72:90:1e:44:61:d2:07:17:f5:ef:81:
69:27:ba:a5:a4:ea:2e:cf:9c:04:cf:fd:0f:c2:2d:4d:57:80:
49:bb:a6:92:be:7a:8e:4a:99:b7:d4:d7:08:63:b4:2c:1b:bf:
b6:bb:31:6c:13:7f:84:19:7a:e3:c0:57:5e:c5:5f:9a:27:ed:
b2:8b:23:65:96:d5:e0:59:ec:50:0e:63:a8:df:7f:4d:dc:6e:
35:d8:32:86:94:88:7a:20:3d:67:67:08:e5:ed:08:fa:37:7e:
84:6f:a3:e1:d3:62:f2:f7:19:f1:ef:73:b5:6a:a8:16:42:2f:
41:7a:e3:66:be:14:9e:5c:22:95:f4:31:17:44:a8:6c:ea:ac:
6c:d6:c6:a9:76:eb:c9:24:1e:93:76:48:f4:14:3a:18:f2:32:
68:f8:9e:cb:53:e1:a0:04:0b:a8:a6:4b:c2:3f:d7:4d:72:3a:
77:34:e9:7c:b6:18:26:bb:e5:e8:d7:1b:24:86:ea:c0:c8:0a:
81:ea:50:5a:b7:3c:ca:7a:bb:7a:85:4f:03:d2:7d:97:44:80:
0c:ac:58:48:a0:33:74:62:69:db:99:75:b8:a7:7d:c4:64:2f:
00:b5:a7:c1:ec:3d:69:e3:c5:b0:e6:47:ac:1b:c0:b2:15:75:
76:84:a4:f7:05:ed:fe:6d:ea:c0:2f:d3:37:72:dc:b2:8b:23:
45:1c:21:f1:6b:5c:af:59:12:b8:92:9f:be:59:b7:70:68:08:
d6:e5:30:b2:cc:16:37:35:22:b7:7d:7d:61:2e:f1:81:a3:08:
99:cd:1f:b6:52:f7:f9:53:c2:dc:e4:4e:40:54:59:9a:0a:4b:
fd:92:64:59:71:64:dd:d4:94:74:ac:e4:5b:c8:a9:ad:a2:0b:
bc:66:45:ad:30:76:bb:32:81:0a:ef:92:00:50:77:0e:b2:61:
0e:63:8a:a8:a8:d1:84:88:ae:52:53:d3:9b:5f:ae:f8:a5:35:
b7:40:51:95:ab:6e:ef:84:c4:84:0f:3b:8f:75:33:05:6d:42:
2c:aa:20:da:17:5c:b8:cb:cd:08:54:6a:18:d1:c0:0d:7d:14:
e5:fd:64:1d:8f:e7:b6:ab:e3:4b:95:bc:b3:97:f6:e7:c6:23:
86:9f:98:dd:0a:4a:cb:df:02:5d:1b:66:a9:58:f7:3d:b2:ec:
1e:59:53:38:64:ad:0f:57:1b:5a:10:81:3d:f8:22:6d:af:b7:
ea:08:ca:b1:98:d6:66:89:a6:db:3a:c4:80:35:18:a3:7e:8f:
cc:32:16:d2:6b:15:83:68:15:15:ed:23:7d:f3:c3:df:a8:5e:
bb:0c:61:0e:3f:85:be:df:47:9a:58:c1:84:15:a9:14:14:e5:
f0:ae:2d:c8:dd:64:0d:db:e1:78:62:7a:2d:4e:31:bb:e4:3d:
fa:92:d9:ca:cf:b3:e2:25:79:33:b2:d3:9b:f4:c1:db:fe:24:
de:f5:47:cc:9b:d9:47:b6:b2:3c:e9:25:3d:15:5f:e1:e7:86:
66:f1:4b:8c:56:bf:bc:13:db:cd:40:ab:45:8e:ba:f3:f0:67:
9f:46:c6:72:c6:d6:33:7a:26:39:98:6c:13:cc:2a:cf:99:44:
ea:68:97:05:8c:dc:b9:45:a4:10:3b:43:66:af:15:44:0f:53:
c7:76:6c:b0:59:db:c5:85:c2:54:c9:5b:d0:ae:2b:c4:54:cf:
38:60:2a:ac:a5:8f:65:15:d4:02:b1:a0:17:4b:c1:b5:5f:bf:
6c:34:23:ee:33:f8:82:27:5d:8f:1b:58:b6:f0:b8:0f:dc:cb:
76:19:e9:2d:b8:85:6f:55:1c:64:36:c8:8c:d3:84:c4:cd:f7:
a5:86:93:46:0a:73:45:e1:e5:cc:39:c5:f7:60:cc:ca:02:90:
66:e0:ec:23:e9:23:c0:98:fb:75:e9:74:0b:89:9f:32:1a:68:
89:96:db:d8:70:56:8f:85:e2:a8:39:08:fb:c0:53:8c:f2:af:
f2:79:0d:a8:d7:f1:e3:1f:fb:77:b6:70:f9:40:cf:f2:4f:5a:
eb:bc:6d:e9:f6:f1:f6:01:fe:83:1f:6f:29:d1:19:10:b5:1e:
37:81:c9:0f:ab:5d:d6:34:80:cc:ba:bc:22:76:6c:f0:a3:1e:
cd:6d:fc:1b:8d:58:dd:a6:09:ea:3b:2a:ec:47:7b:b9:ae:e1:
b0:52:5d:86:92:5c:d1:26:66:79:5b:3b:e7:8e:61:4e:15:0a:
55:23:cf:01:ac:12:e7:6b:13:52:3a:26:8f:a9:34:79:cc:d7:
63:15:f8:9a:c3:5c:62:0e:fe:5a:c2:84:7b:69:fe:98:9a:c2:
ca:ef:63:93:86:4c:df:ac:95:31:b4:ed:c3:3d:87:87:03:da:
35:5f:3c:38:27:c5:5e:05:4a:5e:4b:eb:44:ec:9b:be:b9:71:
6d:63:de:14:de:73:0e:11:90:85:b7:8e:41:92:2a:da:7b:65:
06:fc:86:01:3d:f0:bf:0d:45:44:51:36:c5:1b:9d:66:2f:61:
1c:70:b1:81:63:4c:de:13:38:6a:91:ed:32:51:91:ae:92:bc:
6d:4d:76:e1:14:39:88:3c:c5:2d:ee:95:16:b5:ec:54:40:cc:
e1:b0:ab:69:6e:3d:82:de:37:d2:b7:3a:be:89:6c:67:c5:c7:
2b:2a:04:d8:08:4e:f2:a0:84:c2:6e:36:20:1a:e6:58:a5:5b:
31:c9:74:ce:78:5f:4f:ef:d2:0d:95:75:f4:16:a7:61:87:17:
a7:b6:98:88:2e:8b:0e:fb:8d:f9:4e:6c:56:dc:38:5e:c7:db:
15:86:d0:8f:e2:19:9a:e2:25:76:ac:46:05:22:77:a7:ca:f1:
81:3b:f6:d5:1d:7c:e9:ea:89:fe:15:ea:6b:3c:28:77:d6:79:
dd:96:15:89:9b:97:1f:47:e6:95:c0:97:e4:18:3b:02:dd:4e:
62:e1:1e:6b:78:43:e5:49:20:89:33:5b:1a:84:1e:f8:2e:12:
73:61:85:09:b9:54:24:6e:c8:ee:b9:fa:52:78:4e:27:fb:39:
02:59:09:46:f9:d0:be:03:78:b0:f2:17:80:72:25:ae:a3:2e:
43:21:a3:70:6c:ec:70:2b:aa:9a:14:78:8a:b9:66:58:33:c8:
ec:6c:1f:52:f0:c9:20:55:d4:4d:88:fe:95:fd:6f:ee:ec:26:
a1:98:0e:3b:93:21:85:f5:5c:24:02:2c:ee:9e:e5:ae:c9:f6:
5d:3f:a0:5e:75:66:19:38:ad:0d:42:c8:49:df:20:df:b6:a3:
50:eb:de:ee:36:31:17:cc:c0:2e:cf:54:d1:5a:8c:54:3d:95:
a1:6e:75:c2:e0:e1:fc:ba:83:b0:04:1d:be:46:3c:ee:cf:e5:
a1:41:37:6f:41:72:7a:44:d2:3b:e6:42:d0:01:27:14:73:84:
25:e1:f5:19:8f:b2:b3:53:2b:c8:f8:9c:7a:c2:87:21:e4:e4:
69:76:1c:f2:b0:fb:b1:d2:fc:50:df:61:14:45:21:a0:5c:4d:
30:89:52:8c:51:1e:6a:cf:02:b1:16:b8:3b:11:24:f0:e7:46:
3b:45:d6:d7:ff:ac:f8:6f:dc:8f:96:ff:a8:56:cb:e6:05:cc:
2f:cc:89:7d:52:9d:00:3e:56:8d:fd:ad:77:ff:06:c0:4d:e5:
0a:22:b2:51:2a:f5:e8:e1:52:d4:ac:99:f2:96:bd:88:22:85:
c1:ce:45:3c:c6:66:b6:18:83:72:ff:03:35:04:f4:58:9d:64:
31:5e:36:b9:8f:73:e7:4d:80:d8:85:5d:34:3b:69:be:f6:89:
f1:e2:69:8a:4f:67:45:72:f9:66:be:1c:8f:88:98:a8:f6:8a:
e2:ed:50:cb:b3:64:d7:50:a4:ee:97:d7:ae:a5:88:73:bb:10:
28:18:47:c2:e0:00:8e:5b:e1:14:c5:9f:8a:6e:9b:5f:29:36:
36:62:35:0f:89:6d:d6:5b:19:57:8c:bf:d1:31:be:e6:a4:f3:
92:86:bc:be:75:f8:8a:a3:97:27:62:ae:b6:6f:54:31:64:85:
67:0b:35:7b:d3:e6:fd:2d:6b:32:7b:2d:c0:c4:25:2a:9c:26:
c8:31:74:8f:a0:c4:4b:4c:89:ac:72:72:8b:f3:cc:74:16:a1:
93:9c:3c:47:37:7f:3a:d0:63:b0:00:b6:64:63:5c:fc:8b:52:
0d:ea:2a:52:bf:b7:b1:87:f1:dd:31:e4:97:74:52:0c:0f:2e:
c4:87:52:db:ff:3f:45:ad:2b:65:2f:3b:cc:05:55:c2:43:c8:
20:34:9d:9a:92:3f:0f:a9:05:cd:b3:cf:96:9e:51:6e:d6:06:
e8:4b:a8:2a:e5:44:02:60:5d:04:94:91:bf:ee:e2:62:ac:6b:
75:28:13:cb:b8:f5:5e:fe:24:e3:6e:96:50:f8:0b:b8:28:a4:
8c:1c:94:24:a2:4f:57:d4:93:00:f9:f5:75:a6:80:79:a3:11:
00:3d:83:3e:78:72:b3:b8:eb:9a:ba:a9:0e:ae:e3:00:85:de:
29:91:03:ce:33:d3:3a:a6:74:06:7d:df:4b:6f:b2:cb:b0:ff:
6f:99:91:bb:82:55:3a:d3:8f:f1:e9:d5:ec:d3:15:c7:2a:8f:
3d:ad:69:6a:d3:72:f8:d2:5c:dd:e6:60:c4:36:90:2b:dc:5b:
40:75:f1:b6:51:14:ae:2f:f8:39:1c:e4:98:cf:86:68:a5:5f:
7e:9d:12:14:56:35:29:cb:a0:59:61:d1:28:33:d3:e6:6a:58:
2f:3b:5e:f7:ac:69:99:98:1a:9d:15:a5:79:aa:2d:af:75:04:
0b:42:d5:2e:87:a6:6a:6a:73:a3:74:da:11:cb:28:09:5c:83:
86:c7:61:be:12:4e:37:d5:80:38:9a:7c:8d:84:7c:91:8e:2c:
32:89:86:ba:94:bb:64:2e:48:ec:f1:4e:c2:c3:c1:9e:13:57:
72:dd:b9:a0:f5:9a:5a:b1:65:00:5e:01:25:f4:ff:30:b2:df:
ae:91:84:fd:53:bb:87:6c:c8:fe:3e:5d:dd:e6:ae:57:ad:5c:
a9:66:0b:0c:f9:c7:d4:49:fa:06:19:d3:8e:88:f6:36:43:c3:
72:f2:ad:03:4c:33:17:ee:69:a5:ae:4c:1a:21:40:28:54:8a:
66:ef:74:c8:43:91:e2:9c:6e:a7:b2:f2:13:fd:e0:9a:d8:9f:
36:de:e6:57:06:15:60:c4:3a:d7:f3:15:d0:40:b8:2e:97:65:
30:c4:f6:88:39:c4:70:d8:83:a8:6f:bd:79:a2:1d:a0:3c:11:
36:54:0e:67:f8:27:42:66:9a:96:78:f2:19:8d:7d:63:05:36:
4b:6b:3a:1e:31:9a:e6:ed:cb:d4:b2:76:0f:5b:da:78:8d:4a:
b2:90:3b:0f:85:36:c7:5b:16:00:4c:38:d8:70:89:5f:94:48:
34:fb:a6:7f:3e:91:36:2b:50:9c:a8:96:9f:b0:a7:40:43:b6:
e1:f2:c0:6c:e8:f2:d6:8a:ad:fe:10:ad:9f:da:38:89:c8:be:
2c:b5:c7:bd:77:f7:79:0f:a0:52:73:5a:ea:b8:72:98:fe:70:
78:77:bf:f3:a7:5a:d9:44:85:2e:d4:7a:21:ec:07:e8:61:c1:
64:9f:3d:56:5c:cb:2e:c2:f7:7d:03:70:af:3e:f2:d5:8b:b7:
f6:53:88:eb:8e:70:a3:b0:eb:a6:9e:00:b7:ad:70:98:e2:6e:
43:2d:c2:d2:09:94:64:c3:70:9a:92:d9:7f:cc:3e:bc:c0:58:
af:b5:23:c1:ca:a5:55:6a:49:ff:0e:e1:69:2c:cd:6a:8d:e4:
fc:00:41:80:c8:ee:89:ea:07:c5:31:c2:58:31:84:f9:9f:1e:
ce:11:ac:a7:4e:3d:d1:ea:4a:cd:9d:e9:22:80:1d:08:74:d8:
37:be:ca:15:b4:7a:bf:f0:82:8f:60:ea:e2:e9:ba:71:0e:20:
94:8a:b4:15:a1:3e:85:77:b1:d1:f0:90:5b:51:ad:9f:0b:f8:
8f:40:f1:e2:7a:f3:b5:d6:9b:99:ce:a9:13:6b:7b:0a:46:7d:
a2:27:a1:5a:a3:5f:77:2f:9a:6b:63:ef:a4:a1:70:4c:a6:2b:
01:24:06:3d:0f:1b:a4:50:0c:28:0c:8f:58:90:91:96:24:2d:
7f:e2:aa:73:06:94:08:e1:19:9f:9c:64:b5:82:65:22:88:07:
d7:bf:b6:56:3e:77:e5:c8:bd:6e:8f:72:43:06:d4:1c:81:b5:
f1:ec:bf:7b:f4:a8:a9:03:f7:41:56:39:82:4d:5b:2e:96:32:
47:c3:be:b0:00:da:c8:86:46:05:8b:d6:20:5e:c5:39:a9:61:
8a:09:40:90:3b:76:65:8a:98:8f:d4:c4:a5:cb:40:a1:e3:cc:
3b:25:06:1e:be:4c:5d:ca:69:e6:b2:aa:31:9c:08:2a:b3:60:
db:65:90:ea:16:95:1d:14:d2:63:37:97:8c:f1:c5:1a:c4:86:
1f:be:60:7c:15:17:a7:26:d9:f0:ec:dc:f8:7b:6d:c3:32:d4:
de:7e:08:25:2d:26:aa:30:1a:bc:b0:5d:ff:46:0c:18:fb:bf:
db:96:f5:ca:59:a2:76:01:4e:82:3b:63:2f:89:53:10:9d:a3:
b6:57:fa:39:03:63:d2:5d:ce:a1:79:80:25:b7:1a:74:9f:1d:
d3:95:48:a5:3c:39:d9:a7:25:ef:63:29:0e:fc:fb:a5:6a:a4:
7e:61:c9:c3:90:bc:f9:23:8a:b4:68:3f:5f:cb:de:4c:34:10:
81:97:cd:a7:54:67:ed:b5:47:a3:75:06:89:fc:1f:70:65:86:
2d:96:98:b9:16:92:f0:c2:bd:01:a2:8e:ac:2f:d2:03:68:6b:
00:d4:81:7f:dc:a1:96:7d:b5:0f:76:16:b0:1a:2f:7a:bf:7c:
4e:b8:a9:35:ba:40:5e:b3:ae:6e:8a:78:85:f8:cc:64:7d:88:
c9:2f:5c:1f:5f:19:eb:ce:2e:60:e9:e8:77:97:5b:63:11:e9:
e2:fb:81:e4:01:af:54:12:8d:be:aa:29:71:2d:54:74:c0:5f:
07:88:8e:3a:05:86:05:56:3f:88:3a:77:54:c8:e4:94:67:29:
c4:b0:47:63:0b:d7:29:97:1f:d6:5e:22:76:a1:4d:2f:76:43:
20:48:7a:44:ab:d7:52:25:7f:a9:14:e6:ac:98:34:22:5c:89:
6f:c8:8d:20:2a:cf:bd:c6:19:7a:3f:1c:f6:6f:08:bc:22:6e:
0b:78:8f:82:1c:26:b8:82:b8:ff:ec:23:7b:13:5c:95:7d:a5:
04:3f:c7:87:ed:f2:d6:fb:a2:bc:a0:ac:f2:17:c4:e4:11:56:
c2:2f:5c:64:66:fd:0e:c0:10:38:6c:f7:6b:ff:62:15:27:55:
45:5d:fc:f0:8e:36:68:66:72:96:40:13:7f:b2:b4:4a:ca:97:
f2:3f:a7:ec:38:95:7a:e4:cf:da:87:b7:aa:82:57:ff:7c:d5:
dc:fb:e2:a8:13:9b:2a:a6:6a:7c:82:0b:be:ef:71:67:92:9e:
01:83:40:1a:71:64:b3:63:57:9c:55:a6:ee:de:68:85:78:70:
97:82:f5:67:74:d4:94:b1:fe:fd:f4:4f:26:ed:49:55:78:5c:
b2:be:da:5d:f5:18:56:8a:58:4e:82:bf:88:34:8b:9c:d4:32:
49:cf:56:ae:6d:d0:45:76:9d:c7:17:7c:90:34:b9:f5:ba:a4:
32:92:7c:2f:77:bc:83:df:06:22:b4:f3:eb:d2:d3:36:22:32:
b8:c1:4a:44:96:b2:15:13:be:44:c3:fa:55:34:fc:32:37:10:
f2:28:39:c9:cd:d5:e0:b2:ac:d1:38:d7:71:06:50:08:68:c3:
6a:ae:86:7e:b9:a8:3e:2a:5c:b2:6f:79:64:e2:00:b5:cd:d6:
18:61:da:0b:93:4c:21:f7:9d:ca:e6:e8:5c:d3:75:53:38:c3:
82:e5:35:e7:62:95:4e:73:67:11:27:22:6c:0a:ac:70:89:d5:
c8:aa:94:b1:52:5b:b9:51:35:d8:29:33:16:9a:83:95:e2:6c:
0c:ba:e6:bc:b6:bb:26:5a:e4:92:1b:21:93:0c:03:73:ae:92:
0b:2b:3c:f0:6e:5e:20:88:09:f1:07:f0:8d:02:15:d5:78:4f:
e1:d5:8a:42:ca:e1:09:fd:34:b5:3e:a4:0d:57:54:86:40:bb:
5a:0e:8c:2b:86:58:f2:e5:9f:f3:b4:0b:41:1e:ad:41:d1:8c:
eb:60:e2:04:1d:97:d4:4f:53:69:34:72:c7:bd:df:cb:ae:29:
37:31:69:1a:d4:ba:c1:56:33:ea:e3:d5:f2:9d:45:66:5b:ad:
e7:59:a3:34:fb:85:de:31:41:9f:d3:ca:71:30:5b:d5:f3:46:
ac:d2:60:ca:a8:c7:06:35:02:fa:0c:49:91:fd:a5:7c:22:81:
2e:f6:74:ad:d0:da:5f:82:3a:3d:e5:aa:05:a1:fc:aa:c6:bb:
48:22:da:0b:a8:7d:96:0f:54:76:c1:7b:6c:df:2f:2a:76:29:
21:f7:8a:12:08:4d:d1:f5:80:13:d2:b8:f3:7a:62:fe:f0:d8:
81:df:d8:32:ea:45:31:ac:6b:b7:58:f7:29:aa:1f:43:73:23:
ea:be:e2:cb:56:32:17:23:fa:25:8b:98:51:b4:b1:43:0d:0b:
9c:5e:e7:d2:7c:1b:e0:4c:c5:df:88:fd:b7:2c:4a:19:3f:38:
4d:6c:f0:ab:97:42:65:df:47:31:8e:76:4b:7a:9a:0f:65:67:
07:c7:fe:84:af:de:e9:33:d3:97:4a:9f:78:74:aa:1f:99:8e:
5e:15:59:f4:60:e5:3a:56:25:7b:52:b5:3e:ec:f2:1f:6b:3c:
89:dc:58:01:9a:ec:dd:f3:21:c6:4e:57:e0:b6:80:1a:03:2a:
9f:13:a9:92:d3:3b:b1:6b:db:1c:9e:7b:79:74:59:64:eb:8a:
99:16:2f:bf:78:c1:de:a8:61:46:3d:93:0f:12:dc:0f:a6:d9:
ff:ae:b1:c2:2a:b3:aa:a3:6c:c1:fa:b0:a8:79:73:07:a4:2e:
6f:ac:34:f4:99:c3:03:86:21:2c:17:e0:a3:b2:76:bd:32:31:
9b:9a:98:35:d5:63:08:06:f1:3b:4e:d0:db:25:87:5f:75:14:
33:ba:70:a3:a8:64:30:8b:3e:d0:cc:56:61:c6:ab:cc:8e:db:
ff:a9:38:bf:92:8c:30:08:bf:84:71:61:18:df:15:7a:01:cf:
d5:53:6d:f4:6c:64:5f:82:7e:14:b6:77:17:fc:d5:6c:44:02:
bf:41:db:ae:e6:d8:3e:29:50:c1:d7:be:63:cc:9c:27:26:49:
8f:90:9b:cc:f4:c1:c4:82:8f:54:18:6e:f4:9f:d9:8f:03:5f:
15:77:d7:fe:d0:a7:f7:21:ce:31:1a:05:9f:95:53:2e:cf:bf:
ec:f2:bc:81:8d:01:a9:47:74:71:0d:23:dc:28:45:93:b7:5d:
b7:98:7c:ef:25:e1:2b:25:9e:fe:47:34:29:e7:48:db:94:22:
bb:c0:d5:2a:03:74:4d:12:95:41:d4:dc:c1:97:af:f5:8c:e4:
e1:ff:39:a1:5b:3f:33:df:22:dd:ff:67:17:92:a3:f4:c1:af:
6a:d9:27:17:ff:88:d0:3a:ee:d8:e9:32:b6:83:8c:46:6f:13:
52:98:f3:66:90:be:e8:f3:0d:24:9c:7d:cf:e4:60:3c:eb:b3:
78:70:a8:57:c5:22:fe:6b:1e:d2:31:ba:46:60:d2:ae:29:9c:
47:fd:1b:28:89:aa:f9:af:f8:ca:c5:2e:e2:66:67:fc:75:2d:
9f:6c:a2:48:d4:ea:93:2b:2a:7e:a5:11:31:64:d9:57:0c:75:
79:cb:0d:2e:bf:0e:69:36:51:8e:46:7e:56:df:ad:56:73:09:
f8:78:29:f0:63:b2:a6:c3:b6:f2:83:54:c6:fa:75:f5:24:ef:
5a:ba:bd:03:b2:ea:3c:d0:d8:cc:d2:45:00:be:75:38:ba:46:
af:09:a3:67:52:ea:46:d7:c7:01:74:cd:2f:48:df:f1:1f:64:
2e:af:e5:99:76:b3:c3:3e:47:c8:be:2c:8a:1f:ec:4c:ea:16:
f8:09:b1:78:32:90:dd:75:bf:db:ce:ce:d9:96:7e:85:ac:c6:
a5:b9:c9:48:df:11:d3:eb:05:59:07:2c:a4:ac:06:d8:6f:b3:
b0:09:9b:0b:c4:ca:65:88:89:1e:76:fa:12:bb:66:cc:f8:7f:
d1:90:42:6c:f9:b9:5f:2d:9a:62:00:96:2e:ef:b2:5c:16:52:
d7:2e:b0:e6:52:f0:b6:d5:c2:d5:e9:73:c4:a1:42:c5:55:34:
55:3a:75:c5:61:09:ac:a9:2d:70:d3:c7:c7:48:c8:8b:0c:2e:
76:fb:7c:1b:e2:2a:1e:0e:d8:6a:95:b0:2c:2c:8f:43:13:56:
68:d6:a0:85:66:9d:48:75:e0:46:89:3b:b0:b1:5d:3f:8e:a8:
d2:db:ae:35:2b:8d:b3:11:77:aa:c6:a5:11:e8:3a:d4:6b:ba:
45:bf:44:e7:9e:63:6d:6c:11:58:c1:7a:74:d2:7d:85:78:ed:
ee:9e:dd:c5:07:b1:f5:c9:9e:d0:d6:d6:9e:2f:89:7f:67:47:
e1:51:79:72:f1:2a:5a:9f:7d:c6:8a:a3:9a:87:26:00:0a:06:
2a:0a:95:f0:5f:6e:81:e1:71:cf:af:b3:3f:93:1b:23:47:d3:
28:8d:8c:f6:c1:cc:12:03:c3:4f:dd:d5:e5:a9:87:2a:1f:c0:
ff:0a:69:7e:73:55:d7:87:79:9f:7d:fd:f4:f1:4b:79:49:d9:
53:8c:58:22:e0:4f:21:bf:d6:56:cb:bd:b3:aa:a8:b4:d2:93:
60:ac:f3:cd:57:80:27:11:ee:98:e8:c2:93:12:b6:a7:0d:a1:
5c:e0:64:2d:8d:d7:09:70:ac:b3:c4:21:44:76:04:5d:f5:cb:
ec:15:ba:b6:1c:66:c5:72:3d:07:2e:b7:26:ae:26:8c:c0:01:
46:7c:c7:85:63:35:6c:8d:47:bf:22:60:b3:40:e9:fa:05:06:
7d:61:26:ed:ed:f2:b0:a2:fd:d0:e5:1b:ab:0a:8e:01:df:93:
50:89:76:b6:ee:49:41:24:e6:41:cd:10:b1:48:73:f3:63:7c:
72:41:83:23:89:cb:dc:af:f7:9c:7f:9d:55:68:f7:d8:c7:a6:
57:75:38:0b:21:b6:37:b0:ec:ec:05:e6:f9:03:b7:b2:c4:fe:
d3:d2:29:29:a9:5d:54:ce:d4:72:4f:51:b7:a0:f4:45:95:f3:
7a:2f:33:a4:3e:b0:34:f5:ff:68:1c:4a:6a:da:62:cd:1d:fe:
a7:ce:5a:b5:eb:79:08:cd:c2:78:d3:78:bf:04:af:7f:12:a2:
5b:af:c0:b2:67:be:44:64:b6:d7:13:86:e2:bf:19:c6:e4:f6:
e0:4f:21:1f:68:1d:77:3f:6f:08:fa:54:cc:a7:b5:6a:6f:fd:
a7:9d:61:37:5a:94:46:af:71:2a:bc:8a:5e:44:d7:71:cb:49:
c2:fd:51:ff:d8:ab:35:23:1a:84:47:4e:a0:af:e5:55:ce:bd:
49:76:57:35:4f:8b:90:23:a4:d0:11:a8:c9:bd:7e:7f:e5:d2:
c9:c0:4f:b0:95:13:25:ae:af:54:77:b1:e0:12:34:59:25:d1:
8d:8f:36:2f:2a:ac:30:38:3e:4e:00:36:43:76:12:88:f3:d4:
c1:fa:73:e5:84:27:c0:57:94:4c:34:03:55:cc:ff:6e:a3:c2:
c5:d3:2f:2d:ac:7c:2b:74:3a:1f:40:74:df:92:60:d4:64:b4:
bb:6c:26:3e:88:6d:1d:96:e3:c6:44:01:5a:61:1f:9f:81:99:
32:77:2e:ee:a6:85:9c:99:a5:b9:0d:e3:31:98:a9:38:bc:ee:
cf:65:07:85:5e:77:de:b7:b4:f8:91:1d:ca:45:47:00:b8:80:
ef:66:20:cb:f1:10:0f:d8:95:22:c1:fd:c1:98:29:1e:a6:44:
d6:2b:73:d9:73:31:fd:9d:fa:f2:b1:1b:eb:7e:3a:a3:fa:c4:
8b:d6:49:54:c9:2b:1c:e7:14:00:ec:30:34:4f:c0:cf:10:5a:
18:27:fa:c6:ff:21:11:6b:55:ff:d6:84:0b:e4:c7:0f:60:5b:
59:d8:84:72:59:9f:e7:8b:70:8f:3f:5c:88:19:3e:b5:27:b7:
45:ea:65:6d:7d:7c:86:55:7e:e1:a9:f3:5a:f4:3f:11:cd:ce:
90:c8:f2:d9:a6:2d:04:ed:f1:89:40:1f:7f:4e:a4:e6:d6:b9:
af:e5:40:e9:b6:88:38:17:e3:49:98:b6:9e:ae:84:7e:5a:fa:
03:85:7f:a1:9f:b3:1a:39:ee:7c:7f:e1:22:e3:9f:ec:f7:94:
15:78:a1:a8:a1:10:8f:29:73:28:a9:c0:df:21:2f:a0:56:5e:
ea:fc:9f:7b:c2:96:4c:78:56:79:b3:be:de:54:80:04:a0:af:
7f:f4:63:52:eb:30:ba:db:79:a3:9d:36:12:3a:79:03:76:6d:
ea:65:d2:b8:b3:ab:75:b6:0a:ee:09:be:fd:23:e9:32:76:4d:
00:78:35:a1:b4:e5:4b:d6:a3:34:17:16:fd:9e:9d:d5:75:8e:
3b:b1:84:8b:4b:8a:fc:e6:9a:4a:79:64:b0:0c:4d:5c:f0:b2:
8c:b0:2c:d3:74:db:18:2d:18:7b:83:57:7c:fc:1d:09:9e:bb:
0e:df:42:d0:8b:4e:5e:7f:ee:9f:bf:2c:d9:39:23:7b:e1:a1:
47:b5:6f:c4:9f:62:85:e7
-----BEGIN CERTIFICATE-----
MIIg8TCCAiugAwIBAgIUGrmlEei1Lm0G28g53xpQBCEe+UQwCwYJYIZIAWUDBAMa
MIGjMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96
ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9TTEgtRFNBMRswGQYDVQQLDBJSb290LVNM
SC1EU0Etc2hha2UxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3
DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNjA0MjgwODEwMDRaFw0yOTAxMjIw
ODEwMDRaMIGjMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UE
BwwHQm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9TTEgtRFNBMRswGQYDVQQLDBJS
b290LVNMSC1EU0Etc2hha2UxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAwMAsGCWCGSAFlAwQDGgMhACqM
jF2YEIFMAUeaq+RxTydF4qwQjpWAlJQwoaItuSqzo2MwYTAdBgNVHQ4EFgQUYpCQ
5Tp0GBv7aEAHpYOdcC5+yfAwHwYDVR0jBBgwFoAUYpCQ5Tp0GBv7aEAHpYOdcC5+
yfAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwCwYJYIZIAWUDBAMa
A4IesQDzACESZkMN+yy+Er7tB0+ueBtMz+LohcvkaPBubmN44RAMPH0PVwPcrHOB
fMled+LQdwqxfgPMO/akGeTh3YnV3c8Lwheg/f0I2NPIEhyo3rugp7qBu8mwvQn9
Bc/4iVw41w+mj4WYzT6jwZrpTGu7DiX8PYMZU4o4/+gb2ss1JD4c3oydg/cqnlJL
GwoU5rQfW94NP2iMq+na2GE3wsDjKLLfQQ7SkDDi9qQYoR9DxDCjaJ3B1oHRKi6m
an3Ho2tP8W5nXbAIS58PwZhPXhOARNfA1zLWr0Khy8CG89PbF4nt8b2v8+t28Sqc
DNnJhotG+ArPX+f7UKFp5V6leIFjWpwtpLIr1vrB+X56ATmxDxey5nSwAVlZFPZJ
a/ljSoQyg4Asz45OC/b/QUdrwvdUz0QJDhLNjo/wWASAIKhw26aojLo9lwbSDz3P
xTmAW4r3ImffkmKGP+WP/g/y6Y9s6nvvLcHbnGvFk+YzcFmbVz4+tA8dl7IlB1sQ
BWDUAk/LXc5pUWmGLnSCwwKdHHcoHbXUoxjGnFnUqB0OOJ+qExDDwjnR4sa3+OPD
aJ47ipFB0JNPYwbP1+JYFRmjyhQL1Z+BLtg1Kcpec3XhuzDViV/8s7XeWoY+H8Bl
+a5zzu96wGhlkV8gItiRz7iurXO/33Hamv4olCY+juhQSoaaDAf7958pxQZLPtEL
Do+k8sDb3NW3np8PUw7+dBPjkaWkQOtMQ3Prt5lP3qHyKbyfHtnz3adgZX7GdCdu
+6li/MmHqrOXtq0iTdNYE6S3LGD68dDZS0PQUzRhXB1IWuQRKhxDTkU6fm7HBQ99
2PMf4pn5Rd/pWbZlqkF4Oh9ovN48LcMaGnJ9P7QklI6Q+acv4oaHd4iPe5iCHAOZ
ncforWJJ4OVRUJVn16o7Z8RUfGzx/tVNF32MmbRJSlfdm/1GHDOhjz9CvlanBgC+
iB0BOMUoqLSDSrmEfc06e214Ln+c5EbKGJ+q0v4kduWzpjzer7iirnC3LnYTKR5r
fOtU2CxFd+XGoimmso1U4mD4NCFb7LGYSfsaDs1UY8vjDPw4EWrlSldqld47cMKl
BdAQHOvFOUqw4oGCQZ8Lvo2D+hycgea8htEoaV3MZ1pDhC6db82v8HklY3MKjx0U
nczlZem/Cdn+09xaq9sOAh34z1G+cDLxHskZy1LNy2DL4T2BjbD18rwhw7Jxe0xB
N75DqOPah1+PuSOjjGjXkI66zQVyHDaCe8VUKbBB0aTg+Mg8xfcmUSfCh3EaDoZU
L0jP4fir8Z90Nr7RRSETE07VyJj3UQywQSXkzAQSfQMRRTf5ElGjpvgl2OcZsuUg
N3HjlX0etW646IsFQvfUl1fiPcaOjKmGj1fA2kGJjQeMs87XOZO1buD7Wa92iG+E
X05Ua0LelU8XJlxIv+xl3XOMlsVdGlp5+mcIBclyLxscN94aohfr0WFnKVYAsD+c
17zq3jHtLAlLSqbFUkPVOG+CtLnJnTsaYJGMsJPCkajxnBDzo55Ta+f9hIPsI/ld
BV27whZRrqr0KlM8jF1e983XZMOpzvl7MfXE+2jjl0wIv2R8WG1LEXVvqBNOJHZj
R+/p/70MfMz4XpHpJbaet0KXok3JS/iCEOpFoYFdtw/t4OAn1IjJbj9HuB3XZlHc
D0vMy/uo84VDYHGqZstmVDpjv6zhqskG4Usm9991qL9FcL0Y2JFYu4pRDnlYAT1F
BV6dArR9BkgNWUz6Su7+cloDrVzr5UQEtCCQWnkcL2LVSYlZFsJ1BzUs2vCZPVtJ
s76rHyoAzRhHOiCP5e7UueWbr+82u0L3gAKX4eNKUumV5BXrQMvBoBEXp4iY6zSz
vlbQri2c/jjrUYz7F3Rmt/VXt+/I5aifSoffMIzz8fQzu/tidjZo+FC6jLLrzVyO
CgPVT/qBa2TlW6HxJ5gmCGndIXCd+iQfUaW1okgf/vvOgpPJc8zDWzBit+iMgiZX
4Cmnl8GYxZmE9UqZ0yMdp5EaznHh/b5ZDtqpgiMdS0lfBXwgvP8x8sY7fsc5dDcz
2/B6vQbFa3EBVzYU3YpXqG71Ql8dh4i9cG5vlLuCRKi3pPjDWSV2torjKhWiIjOQ
uribeF3zvya3oEcTMbYA4RmwUyX4KMdgYrktsZeuGp1Bt2bi0AkRY+oDJxvdx9Yg
isOoJ92zWdAOnvevvn4wU1GpeVNAMaxdIEULYpaYGu1XKztlekmFbxVspUtT9UWP
pkbTjZOv0yC+ybn620dIBxTMpx1+ZWZE90LOQO8DGpa9vuHFM47schrKtWTlmClo
KSept3WEodDGO2MY+nfAMQCcj2RqNFTTWkNT0DX14hHPnU6yMwEcSXNWr66rBHLn
2cyMfx0jDn0dRi+npVnVoIwxWwjNOoy0jWjbppQISQIWVeM9Sck19uvgX+e/tmd9
9TBXYNbwHusNA0Scyz3aof/E7gvyf49NivJHE1UsxarN2Q/HumHzbOP4NRofacYh
lPpbki128XgW6TH9/HezV/WmjI0cVZ7GTojYV0voN9qocpUlY0ZPc75g/1gQNu2Y
+2MH4RmI9HOjs0i9eCKF95awY59jiUY1WrYYYdhnjbqzfoN7uH+U+5PFNLcz2F3X
+taOSmxUPCnliDaMlh07rAhssgXXcRI565BGGP6gRpejAPtDjrRQGrXz4nIk/kU6
unEjxotbm34X/FI8NOcW9wdsmBsRxYs5K5dZiUsteydUQeu8IAJQcLtsyTRo1mcH
OV5OUN+L9bDKvkLaNGRI8syYkvBmP9Buh09c7/31kbNSOUhw0JmjD2fZ/Zpq81zc
ROCk+FzDzIVkfKxsF38jPH6yEIbFV5QmC2qq+TTXWkGAhev8qf0UlO3JSOTdOKAh
JxLIRPtD/hpKqxMitpwXyX+ZnCL6WVc1pWr3kGdYZbJ8al5DL08a9rFsM0+Eg+/5
zFwKmi4RJeB3jNMLkBXR/31L0qapuqS/CKNl/7IV07TphnTOXobA8gzQCSdHSKqJ
iOfKRxNP87jX5KqvJ3OTkG5G+5u0PyrXvP4bnjIJtdSsOSCrUqtC0nqJg9nwT4uL
red9UYLDmphWfg5RqRM1pXw2hjbkjunXhNGCnM2tmYsR96dm/jZHVkZnr1l29535
Ovk/ECInSmzLMitZE/Sg/dY7bGCRvarzpTGN7ho4kBk+o43iEA6zo9p/deJ5vzaG
Fny8lLJ4V8VFAm6Zrc8tIcRsWbKylHroRiwSYZl0Loc+/SViWIkgNaWDPdHVXOIX
WHOc8KmQE++gsDgIqEb5B/G+MZzsrGWCoe79OV17bVMspiNIWSsTYxaTaUZCT5jI
cNwQp/6KKJFvJsuo5SY3dcykzYhJTxANwkZEaHpYgrQVeEfzGnavzYT+4NaTHvkh
G9SiEyk8Gr0q/tTNZeYU4TGCFL2eCeK+uYCPERGVctmkDcRuJDGe6c+eoOL6fUuw
AyWykOZ+CDk3Fzigk/KM/4zuaA4RdO+1t0chMoKbJEfgiL8VYeI+VaaH1vC695l1
TX4udgaM/J74uzvldHDhMA4GrQGkbUXG9FVHKEXNeo8pdyiao73KLbT/UxChxrdR
WQsE/7pybV9DTt827avZ1km8jI6+U4Qu4wCj6zNJI62umH2lsEkp1NFeWhFeAfT0
EzFc09a3CNolh321cxJ0Bg2XUn9gCEIqrxT1MIms8zIhLOgW/EUTiShuSpWH/DA2
VX5lAU9VUjk5JUAhTDDc2WxfWP5XK4PZoNtPs04CSI63cJ/rCphhknKEPlN8xvM+
P3A8wv+YTBumccEV+OUDT1Ni/uzZLYyD4KNCfdkWUQQtQkgRSmIxBtQCXZMxIapH
2snGSb7kcU5XNkaUv/vjiDtZd20TzzRiNLpGg2QeIhB0GKWy0oMROq24cpNIxGod
tcLZ3S1Pv+vmP5/hhZvxLgNesPXdizPWfF7kNOu9YtyAA8/N7e8pTu3m4O/UHmvU
ob2xI3Nx96x9w+vmN6uNRuEkk5KwjfCEu/f2URlSdpTOtfQ+XgqO450UQzFPFJES
m4F9Uf4ikyjo4deLcpAeRGHSBxf174FpJ7qlpOouz5wEz/0Pwi1NV4BJu6aSvnqO
Spm31NcIY7QsG7+2uzFsE3+EGXrjwFdexV+aJ+2yiyNlltXgWexQDmOo339N3G41
2DKGlIh6ID1nZwjl7Qj6N36Eb6Ph02Ly9xnx73O1aqgWQi9BeuNmvhSeXCKV9DEX
RKhs6qxs1sapduvJJB6Tdkj0FDoY8jJo+J7LU+GgBAuopkvCP9dNcjp3NOl8thgm
u+Xo1xskhurAyAqB6lBatzzKert6hU8D0n2XRIAMrFhIoDN0YmnbmXW4p33EZC8A
tafB7D1p48Ww5kesG8CyFXV2hKT3Be3+berAL9M3ctyyiyNFHCHxa1yvWRK4kp++
WbdwaAjW5TCyzBY3NSK3fX1hLvGBowiZzR+2Uvf5U8Lc5E5AVFmaCkv9kmRZcWTd
1JR0rORbyKmtogu8ZkWtMHa7MoEK75IAUHcOsmEOY4qoqNGEiK5SU9ObX674pTW3
QFGVq27vhMSEDzuPdTMFbUIsqiDaF1y4y80IVGoY0cANfRTl/WQdj+e2q+NLlbyz
l/bnxiOGn5jdCkrL3wJdG2apWPc9suweWVM4ZK0PVxtaEIE9+CJtr7fqCMqxmNZm
iabbOsSANRijfo/MMhbSaxWDaBUV7SN988PfqF67DGEOP4W+30eaWMGEFakUFOXw
ri3I3WQN2+F4YnotTjG75D36ktnKz7PiJXkzstOb9MHb/iTe9UfMm9lHtrI86SU9
FV/h54Zm8UuMVr+8E9vNQKtFjrrz8GefRsZyxtYzeiY5mGwTzCrPmUTqaJcFjNy5
RaQQO0NmrxVED1PHdmywWdvFhcJUyVvQrivEVM84YCqspY9lFdQCsaAXS8G1X79s
NCPuM/iCJ12PG1i28LgP3Mt2GektuIVvVRxkNsiM04TEzfelhpNGCnNF4eXMOcX3
YMzKApBm4Owj6SPAmPt16XQLiZ8yGmiJltvYcFaPheKoOQj7wFOM8q/yeQ2o1/Hj
H/t3tnD5QM/yT1rrvG3p9vH2Af6DH28p0RkQtR43gckPq13WNIDMurwidmzwox7N
bfwbjVjdpgnqOyrsR3u5ruGwUl2GklzRJmZ5WzvnjmFOFQpVI88BrBLnaxNSOiaP
qTR5zNdjFfiaw1xiDv5awoR7af6YmsLK72OThkzfrJUxtO3DPYeHA9o1Xzw4J8Ve
BUpeS+tE7Ju+uXFtY94U3nMOEZCFt45Bkirae2UG/IYBPfC/DUVEUTbFG51mL2Ec
cLGBY0zeEzhqke0yUZGukrxtTXbhFDmIPMUt7pUWtexUQMzhsKtpbj2C3jfStzq+
iWxnxccrKgTYCE7yoITCbjYgGuZYpVsxyXTOeF9P79INlXX0FqdhhxentpiILosO
+435TmxW3Dhex9sVhtCP4hma4iV2rEYFInenyvGBO/bVHXzp6on+FeprPCh31nnd
lhWJm5cfR+aVwJfkGDsC3U5i4R5reEPlSSCJM1sahB74LhJzYYUJuVQkbsjuufpS
eE4n+zkCWQlG+dC+A3iw8heAciWuoy5DIaNwbOxwK6qaFHiKuWZYM8jsbB9S8Mkg
VdRNiP6V/W/u7CahmA47kyGF9VwkAizunuWuyfZdP6BedWYZOK0NQshJ3yDftqNQ
697uNjEXzMAuz1TRWoxUPZWhbnXC4OH8uoOwBB2+Rjzuz+WhQTdvQXJ6RNI75kLQ
AScUc4Ql4fUZj7KzUyvI+Jx6woch5ORpdhzysPux0vxQ32EURSGgXE0wiVKMUR5q
zwKxFrg7ESTw50Y7RdbX/6z4b9yPlv+oVsvmBcwvzIl9Up0APlaN/a13/wbATeUK
IrJRKvXo4VLUrJnylr2IIoXBzkU8xma2GINy/wM1BPRYnWQxXja5j3PnTYDYhV00
O2m+9onx4mmKT2dFcvlmvhyPiJio9ori7VDLs2TXUKTul9eupYhzuxAoGEfC4ACO
W+EUxZ+KbptfKTY2YjUPiW3WWxlXjL/RMb7mpPOShry+dfiKo5cnYq62b1QxZIVn
CzV70+b9LWsyey3AxCUqnCbIMXSPoMRLTImscnKL88x0FqGTnDxHN3860GOwALZk
Y1z8i1IN6ipSv7exh/HdMeSXdFIMDy7Eh1Lb/z9FrStlLzvMBVXCQ8ggNJ2akj8P
qQXNs8+WnlFu1gboS6gq5UQCYF0ElJG/7uJirGt1KBPLuPVe/iTjbpZQ+Au4KKSM
HJQkok9X1JMA+fV1poB5oxEAPYM+eHKzuOuauqkOruMAhd4pkQPOM9M6pnQGfd9L
b7LLsP9vmZG7glU604/x6dXs0xXHKo89rWlq03L40lzd5mDENpAr3FtAdfG2URSu
L/g5HOSYz4ZopV9+nRIUVjUpy6BZYdEoM9PmalgvO173rGmZmBqdFaV5qi2vdQQL
QtUuh6ZqanOjdNoRyygJXIOGx2G+Ek431YA4mnyNhHyRjiwyiYa6lLtkLkjs8U7C
w8GeE1dy3bmg9ZpasWUAXgEl9P8wst+ukYT9U7uHbMj+Pl3d5q5XrVypZgsM+cfU
SfoGGdOOiPY2Q8Ny8q0DTDMX7mmlrkwaIUAoVIpm73TIQ5HinG6nsvIT/eCa2J82
3uZXBhVgxDrX8xXQQLgul2UwxPaIOcRw2IOob715oh2gPBE2VA5n+CdCZpqWePIZ
jX1jBTZLazoeMZrm7cvUsnYPW9p4jUqykDsPhTbHWxYATDjYcIlflEg0+6Z/PpE2
K1CcqJafsKdAQ7bh8sBs6PLWiq3+EK2f2jiJyL4stce9d/d5D6BSc1rquHKY/nB4
d7/zp1rZRIUu1Hoh7AfoYcFknz1WXMsuwvd9A3CvPvLVi7f2U4jrjnCjsOumngC3
rXCY4m5DLcLSCZRkw3Caktl/zD68wFivtSPByqVVakn/DuFpLM1qjeT8AEGAyO6J
6gfFMcJYMYT5nx7OEaynTj3R6krNnekigB0IdNg3vsoVtHq/8IKPYOri6bpxDiCU
irQVoT6Fd7HR8JBbUa2fC/iPQPHievO11puZzqkTa3sKRn2iJ6Fao193L5prY++k
oXBMpisBJAY9DxukUAwoDI9YkJGWJC1/4qpzBpQI4RmfnGS1gmUiiAfXv7ZWPnfl
yL1uj3JDBtQcgbXx7L979KipA/dBVjmCTVsuljJHw76wANrIhkYFi9YgXsU5qWGK
CUCQO3ZlipiP1MSly0Ch48w7JQYevkxdymnmsqoxnAgqs2DbZZDqFpUdFNJjN5eM
8cUaxIYfvmB8FRenJtnw7Nz4e23DMtTefgglLSaqMBq8sF3/RgwY+7/blvXKWaJ2
AU6CO2MviVMQnaO2V/o5A2PSXc6heYAltxp0nx3TlUilPDnZpyXvYykO/PulaqR+
YcnDkLz5I4q0aD9fy95MNBCBl82nVGfttUejdQaJ/B9wZYYtlpi5FpLwwr0Boo6s
L9IDaGsA1IF/3KGWfbUPdhawGi96v3xOuKk1ukBes65uiniF+MxkfYjJL1wfXxnr
zi5g6eh3l1tjEeni+4HkAa9UEo2+qilxLVR0wF8HiI46BYYFVj+IOndUyOSUZynE
sEdjC9cplx/WXiJ2oU0vdkMgSHpEq9dSJX+pFOasmDQiXIlvyI0gKs+9xhl6Pxz2
bwi8Im4LeI+CHCa4grj/7CN7E1yVfaUEP8eH7fLW+6K8oKzyF8TkEVbCL1xkZv0O
wBA4bPdr/2IVJ1VFXfzwjjZoZnKWQBN/srRKypfyP6fsOJV65M/ah7eqglf/fNXc
++KoE5sqpmp8ggu+73Fnkp4Bg0AacWSzY1ecVabu3miFeHCXgvVndNSUsf799E8m
7UlVeFyyvtpd9RhWilhOgr+INIuc1DJJz1aubdBFdp3HF3yQNLn1uqQyknwvd7yD
3wYitPPr0tM2IjK4wUpElrIVE75Ew/pVNPwyNxDyKDnJzdXgsqzRONdxBlAIaMNq
roZ+uag+Klyyb3lk4gC1zdYYYdoLk0wh953K5uhc03VTOMOC5TXnYpVOc2cRJyJs
CqxwidXIqpSxUlu5UTXYKTMWmoOV4mwMuua8trsmWuSSGyGTDANzrpILKzzwbl4g
iAnxB/CNAhXVeE/h1YpCyuEJ/TS1PqQNV1SGQLtaDowrhljy5Z/ztAtBHq1B0Yzr
YOIEHZfUT1NpNHLHvd/Lrik3MWka1LrBVjPq49XynUVmW63nWaM0+4XeMUGf08px
MFvV80as0mDKqMcGNQL6DEmR/aV8IoEu9nSt0Npfgjo95aoFofyqxrtIItoLqH2W
D1R2wXts3y8qdikh94oSCE3R9YAT0rjzemL+8NiB39gy6kUxrGu3WPcpqh9DcyPq
vuLLVjIXI/oli5hRtLFDDQucXufSfBvgTMXfiP23LEoZPzhNbPCrl0Jl30cxjnZL
epoPZWcHx/6Er97pM9OXSp94dKofmY5eFVn0YOU6ViV7UrU+7PIfazyJ3FgBmuzd
8yHGTlfgtoAaAyqfE6mS0zuxa9scnnt5dFlk64qZFi+/eMHeqGFGPZMPEtwPptn/
rrHCKrOqo2zB+rCoeXMHpC5vrDT0mcMDhiEsF+Cjsna9MjGbmpg11WMIBvE7TtDb
JYdfdRQzunCjqGQwiz7QzFZhxqvMjtv/qTi/kowwCL+EcWEY3xV6Ac/VU230bGRf
gn4UtncX/NVsRAK/Qduu5tg+KVDB175jzJwnJkmPkJvM9MHEgo9UGG70n9mPA18V
d9f+0Kf3Ic4xGgWflVMuz7/s8ryBjQGpR3RxDSPcKEWTt123mHzvJeErJZ7+RzQp
50jblCK7wNUqA3RNEpVB1NzBl6/1jOTh/zmhWz8z3yLd/2cXkqP0wa9q2ScX/4jQ
Ou7Y6TK2g4xGbxNSmPNmkL7o8w0knH3P5GA867N4cKhXxSL+ax7SMbpGYNKuKZxH
/Rsoiar5r/jKxS7iZmf8dS2fbKJI1OqTKyp+pRExZNlXDHV5yw0uvw5pNlGORn5W
361Wcwn4eCnwY7Kmw7byg1TG+nX1JO9aur0Dsuo80NjM0kUAvnU4ukavCaNnUupG
18cBdM0vSN/xH2Qur+WZdrPDPkfIviyKH+xM6hb4CbF4MpDddb/bzs7Zln6FrMal
uclI3xHT6wVZByykrAbYb7OwCZsLxMpliIkedvoSu2bM+H/RkEJs+blfLZpiAJYu
77JcFlLXLrDmUvC21cLV6XPEoULFVTRVOnXFYQmsqS1w08fHSMiLDC52+3wb4ioe
DthqlbAsLI9DE1Zo1qCFZp1IdeBGiTuwsV0/jqjS2641K42zEXeqxqUR6DrUa7pF
v0TnnmNtbBFYwXp00n2FeO3unt3FB7H1yZ7Q1taeL4l/Z0fhUXly8Span33GiqOa
hyYACgYqCpXwX26B4XHPr7M/kxsjR9MojYz2wcwSA8NP3dXlqYcqH8D/Cml+c1XX
h3mfff308Ut5SdlTjFgi4E8hv9ZWy72zqqi00pNgrPPNV4AnEe6Y6MKTEranDaFc
4GQtjdcJcKyzxCFEdgRd9cvsFbq2HGbFcj0HLrcmriaMwAFGfMeFYzVsjUe/ImCz
QOn6BQZ9YSbt7fKwov3Q5RurCo4B35NQiXa27klBJOZBzRCxSHPzY3xyQYMjicvc
r/ecf51VaPfYx6ZXdTgLIbY3sOzsBeb5A7eyxP7T0ikpqV1UztRyT1G3oPRFlfN6
LzOkPrA09f9oHEpq2mLNHf6nzlq163kIzcJ403i/BK9/EqJbr8CyZ75EZLbXE4bi
vxnG5PbgTyEfaB13P28I+lTMp7Vqb/2nnWE3WpRGr3EqvIpeRNdxy0nC/VH/2Ks1
IxqER06gr+VVzr1Jdlc1T4uQI6TQEajJvX5/5dLJwE+wlRMlrq9Ud7HgEjRZJdGN
jzYvKqwwOD5OADZDdhKI89TB+nPlhCfAV5RMNANVzP9uo8LF0y8trHwrdDofQHTf
kmDUZLS7bCY+iG0dluPGRAFaYR+fgZkydy7upoWcmaW5DeMxmKk4vO7PZQeFXnfe
t7T4kR3KRUcAuIDvZiDL8RAP2JUiwf3BmCkepkTWK3PZczH9nfrysRvrfjqj+sSL
1klUySsc5xQA7DA0T8DPEFoYJ/rG/yERa1X/1oQL5McPYFtZ2IRyWZ/ni3CPP1yI
GT61J7dF6mVtfXyGVX7hqfNa9D8Rzc6QyPLZpi0E7fGJQB9/TqTm1rmv5UDptog4
F+NJmLaeroR+WvoDhX+hn7MaOe58f+Ei45/s95QVeKGooRCPKXMoqcDfIS+gVl7q
/J97wpZMeFZ5s77eVIAEoK9/9GNS6zC623mjnTYSOnkDdm3qZdK4s6t1tgruCb79
I+kydk0AeDWhtOVL1qM0Fxb9np3VdY47sYSLS4r85ppKeWSwDE1c8LKMsCzTdNsY
LRh7g1d8/B0JnrsO30LQi05ef+6fvyzZOSN74aFHtW/En2KF5w==
-----END CERTIFICATE-----
+56
View File
@@ -0,0 +1,56 @@
-----BEGIN PRIVATE KEY-----
MIIKGAIBADALBglghkgBZQMEAxEEggoEBIIKABhSAaega5HUsoai6G/eXAfC1zWI
Kz9h4nyZdEvlx4g+JXOmk+lZB1kemzs39YRighKiTNPjWLe/x+I6CK2ByHsAbdQ5
LPwAnY47H524KBBi+N/AC/rfzwQv8LIuXEE/IlzHql4cQc1lmqDDQSkv8OZ77u0z
SfBmIcUsqWMCmDnxWaAkWrAN26Jo4DCGSpBg2RSAESki4shB2ChmHElRYjRigSAJ
GgBF4sJJk8hN2xggIkdsGDlhCxYMGQJGJCVKGEduigaAUQJEDMKFwBhFGRYAgDKO
UQRghIRkIzEpRICIyCIwHIkRAhYKXKCNgkJp0xBMVKRMBIhgAENRIhiM5JZFkiZt
ykgoDKgEIBCRAUUJ4zJIggAFEyMKEMlRAMFpiwYOATIQBBVNBMQxYQQgmEJhjAKO
AgSGG6BgC0cmGDmA2RhRyqiMGDBgmEhQCBmCAIlgEQmIibhpA8INQIhIZCIF2kYx
DEZOIAkGgkRhGoRsGTOCE6hAIxMtSoRFGrZllEIEA0WGAIFJ0EZtREYM3CYRm4AM
UpAlyjhKipQpQggQA7CFJLNFUbglILRwExRt2BICwIYNgQZEDKJsC7ZxC4lJ0jIE
AKltSiBA2aAk3JBMQpiNEARAChZswIAQkTYk0cCJHBISwZRI2CAkg0RwA6GQkYCI
CDNq3DBRHChuWZJNiCiOijQw0siJ5EAA1MAhIzcQlBRFlERA4KREioKAiRglGjgK
YwCFUyYBHBdQBCFIRKIxmABhhKZlQhQE4YQswkhEU5YImqaEUqhQYwZEYsBoEZEA
SEhR4QRwXBRAA5ghyKAMmURuIbaAG7NQoiIsG5AEUEiMHIGBiEZNUwBN0YJETCCS
GciISCaBJCBGC7Upi6SAm0BgkzIE5LIo2ZAFiLIQC5MRwiISAoFE1EKIgBQRm4Yw
EEdEQUII0JQQGyWAkSKNm5aBDAElxLRFVBBxYyYAUggIIMJEwRiI00SEQxQm2cZh
0yiIS7QhESSOXERpI0eOBLOIk5BJ4iIECDYGIyGCWJSFIUQMQyYtGcFsEoBEQkZl
AKkBjIZgWKAk4ZCESoCEyaZIyDSNE6KMCpdoiLBlXEIt4DCEHKEB0YAJ4JIAWwJs
AMWIojABFAgwAJkhg4IEibBFmyIkBAUSSChQYsIMA8BBjEgFiCJCYkQNg4IQ4xSF
0SRyAycO4oQoG7KAtbxqiXAgMUhMxG8iHXezrhzWKzXrdl5zeh6ojYaRchh81WYG
Rf64tj6OhO2L0KTx2bmAMNacjMg3p+Rr9cJc4VmAWW3ckeHzpteJRNzsV82GHbgY
RRPkPCm0996lZbV+gNDpXmvPgUKjtK7mOtfuh+YUkRVsoLGbrokY/gsZl6bW+UZT
2eWbGqS9osgd83OcsUZgiXXFHwN+dMvhSdjlUyPPUhgO+MC4vbhlKCKug/MQjKT2
jETaAiEi0gt5ipV6sg6QrHS5UnhMnThmvhNkHz6wLKbBTFrRkQ9DbWa6mZNCVrv/
Wh/k1c+sRG37laYjupbU4ZKXWht17/7qZjtyGj2162ui48gbXHHuvYEV+Yp+ZtfQ
aIQ0MtdeSMKC7gPaCoXQrT2a6Ou+tN3Ebslp1DSQ64TikVmXaOPyhp+ohKNUETuy
aQVKRtUDqqceB9zZv09KB1onH/hhdS8oml6ORgmxwN49VFUGj/GNf4fRk84MQ52N
pWDh0ZJTyRVyJjAiUT+oIcsdKTVK/ZU+1nCHaYdlWj4LhY6Ug7ewHk9RjEwLX84o
H6zQwaVXDOoyI+Rnr23cS3UX32SaVORHLyz4MGZafQ5GjpIEYF41QLdUfpWvYSS1
mM187RHXOsHSVDfm+IwYBCIRCM2d7sJPTv03+86Zm80XRr3Ey9074OzJBPo79Grh
58z1LRWKcaSBC51C54+Ifo6VHkfjYoN3epmDR8dWQbe8kpYBHdsMz/gjjzoDczSq
LY/Ou8KUgeQTm9miysl3p2nA+syXuEuPRq6GkaYU2P5i5q9uHhiBNvEY2tpDO7SW
kB/tAZ08LOpI7DmqhrrZi0dx4gEYrYXsQPynVwdHDLdgNDk+oIRK/mOFc/F1gLhI
/ruFPGVe1Bv7mGUy/kCwBJnhcxGVxCeXzCykrplL/GzRldQx2jJBz1O4EH1Ua1DL
yBVy58yvFpZdFVkqS8dEw2NHdxcAHOMcpzypvgTNxupJs+BQm/kWw7FhnMuXWkCb
4vpgzaLk4q+TzawMLBRTbIvT3DJVj9W5spV7kkl66RZsjbouCWJKRB4GF7mQ04GH
hS6QqqMsvtIMmk5QVkrN7BmGJhv6x0+7iLtiJYP6mYC7DDyHzLNFFSGsTHuE0gq2
us7dJkpixfnoWIJXhglsWPLb6d8HiDa5dA7lz3Z5AP926EVVvNqLJxED/0sEZjXo
xAdZMM4bDTiXKOW8hKCvdY1xJxe1+stsvqFToRHX1ycj/21jqoPaj3CKwocwZB+f
C1bayxFcTeZMBNONXF8XRa2BXYEViIvQ4Z57emLjvgzx6HMAKwqvjYY4r/xdP1xI
5BdxGyKGLksuVUdGOH74zHwkt8L4CKWJrwvV5LS++m/HL+3HteHdSydN0FcH+/eg
x84HfZMw8KJUM0ev1v28Vg2ySyto18uVFVBDGgVuxaYA6Trt3009/fj/+Qd6BURI
aGJslS8OOophSUU97W2LYEtw2sqYuH3g/d6tN/iNDGwp8a45nEwAP12jHlqZ+Enm
ZzuLhEMgv92vYOOUyJf0CJEfpBAmc2guufLbu6jetOXRUsWc/AcIg6EXv9ZRuJq+
L4xyLjdw4i1IUGd065YSP59V80vcexDYlwOHC89UPHfiQ+pViDujOBECWlITaK6l
LoZzYi8h2vcjA1QWbAX4/Eupmedrjh2c4Ldy76YLjxX40GlbRyzGhTf4GHqj3mpJ
466rJDFrPxa9QPmQoFkKalY6Ioj2VryASmMsUNx5dhucRjLI3vt++HLcDLAkA7jk
f/ZRELYe7xdF41bQrjDZ+sQCxtQMZO+jPutNbe+bTt9KQ9X8J7+9au70Gw4K5dk+
mjdYk9gNkyPz9iy2gWI6PUo7jeli2CraA2SnNSRbyioPmm3YfO+LfQrnwRVQ54e/
dJbTABNgOx+RMl4szQELpQV0VRT6mVNEdkR3fOjf9xLC+R2yC8sT0HOR0/rJMHbp
oHghshGqj7ZKh5tQfWaG1d9f80/gh/oGOeI1OGdrf5dkquRAO6qy5pq5ggoAMwO/
Dgy8glXrmPfvaIfutg4+sOKumqcduBB7/KVc2FLsSFdxs9uiwAHbUv3qXcJRQYJM
AaikplrHLx8UR76nRWEuwrqQXX1UfKuAGQPg66uYMKP3X049F1bkObajII13smZL
P8KHMxuKEbtK1e4dTYxOBQ7gMSwl+sY+dVTP6b9h0GyRwlvQkwSum4RuTsw=
-----END PRIVATE KEY-----
Binary file not shown.
File diff suppressed because it is too large Load Diff
Binary file not shown.
File diff suppressed because it is too large Load Diff
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
-11
View File
@@ -1,11 +0,0 @@
# vim:ft=automake
# All paths should be given relative to the root
#
EXTRA_DIST += \
certs/sphincs/bench_sphincs_fast_level1_key.der \
certs/sphincs/bench_sphincs_fast_level3_key.der \
certs/sphincs/bench_sphincs_fast_level5_key.der \
certs/sphincs/bench_sphincs_small_level1_key.der \
certs/sphincs/bench_sphincs_small_level3_key.der \
certs/sphincs/bench_sphincs_small_level5_key.der
-8
View File
@@ -217,10 +217,6 @@ function(generate_build_flags)
set(BUILD_FALCON "yes" PARENT_SCOPE)
set(BUILD_OQS_HELPER "yes" PARENT_SCOPE)
endif()
if(WOLFSSL_OQS OR WOLFSSL_USER_SETTINGS)
set(BUILD_SPHINCS "yes" PARENT_SCOPE)
set(BUILD_OQS_HELPER "yes" PARENT_SCOPE)
endif()
if(WOLFSSL_LMS OR WOLFSSL_USER_SETTINGS)
set(BUILD_WC_LMS "yes" PARENT_SCOPE)
endif()
@@ -1033,10 +1029,6 @@ function(generate_lib_src_list LIB_SOURCES)
list(APPEND LIB_SOURCES wolfcrypt/src/falcon.c)
endif()
if(BUILD_SPHINCS)
list(APPEND LIB_SOURCES wolfcrypt/src/sphincs.c)
endif()
if(BUILD_DILITHIUM)
list(APPEND LIB_SOURCES wolfcrypt/src/dilithium.c)
+1 -1
View File
@@ -254,7 +254,7 @@ int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx, DhKey* key,
4. Encodes the signature into the certificate/CSR DER structure
NOTE: Only RSA and ECC key types are supported. Ed25519, Ed448, and
post-quantum algorithms (Falcon, Dilithium, SPHINCS+) sign messages
post-quantum algorithms (Falcon, Dilithium, SLH-DSA) sign messages
directly rather than hashes, so they cannot use this callback-based API.
Use wc_SignCert_ex for those algorithms.
-32
View File
@@ -153,17 +153,6 @@ my @fileList_falcon = (
["certs/falcon/bench_falcon_level5_key.der", "bench_falcon_level5_key" ],
);
#Sphincs+ Post-Quantum Keys
#Used with HAVE_SPHINCS
my @fileList_sphincs = (
["certs/sphincs/bench_sphincs_fast_level1_key.der", "bench_sphincs_fast_level1_key" ],
["certs/sphincs/bench_sphincs_fast_level3_key.der", "bench_sphincs_fast_level3_key" ],
["certs/sphincs/bench_sphincs_fast_level5_key.der", "bench_sphincs_fast_level5_key" ],
["certs/sphincs/bench_sphincs_small_level1_key.der", "bench_sphincs_small_level1_key" ],
["certs/sphincs/bench_sphincs_small_level3_key.der", "bench_sphincs_small_level3_key" ],
["certs/sphincs/bench_sphincs_small_level5_key.der", "bench_sphincs_small_level5_key" ],
);
# CN-IP test certs (no SAN, CN contains IP literal or wildcard)
# Used with OPENSSL_EXTRA && !NO_RSA
my @fileList_cn_ip = (
@@ -184,7 +173,6 @@ my $num_4096 = @fileList_4096;
my $num_sm2 = @fileList_sm2;
my $num_sm2_der = @fileList_sm2_der;
my $num_falcon = @fileList_falcon;
my $num_sphincs = @fileList_sphincs;
my $num_cn_ip = @fileList_cn_ip;
# open our output file, "+>" creates and/or truncates
@@ -2106,26 +2094,6 @@ static const unsigned char bench_dilithium_level5_pubkey[] = {
";
# convert and print sphincs keys
print OUT_FILE "#if defined(HAVE_SPHINCS)\n\n";
for (my $i = 0; $i < $num_sphincs; $i++) {
my $fname = $fileList_sphincs[$i][0];
my $sname = $fileList_sphincs[$i][1];
print OUT_FILE "/* $fname */\n";
print OUT_FILE "static const unsigned char $sname\[] =\n";
print OUT_FILE "{\n";
file_to_hex($fname);
print OUT_FILE "};\n";
# In C89/C90 (which Watcom generally defaults to), sizeof must be a
# compile-time constant expression when used in a static initializer.
# So don't use `static const int sizeof_` here:
print OUT_FILE "#define sizeof_$sname (sizeof($sname))\n\n"
}
print OUT_FILE "#endif /* HAVE_SPHINCS */\n\n";
# convert and print 256-bit cert/keys
print OUT_FILE "#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)\n\n";
for (my $i = 0; $i < $num_ecc; $i++) {
-2
View File
@@ -99,8 +99,6 @@ fi
- Add include of kyber headers
* Tue Aug 30 2022 Jacob Barthelmeh <jacob@wolfssl.com>
- Add include of QUIC documentation
* Wed Aug 17 2022 Anthony Hu <anthony@wolfssl.com>
- Add a new header sphincs.h.
* Wed Jul 20 2022 Anthony Hu <anthony@wolfssl.com>
- Add a new header dilithium.h.
* Fri Jul 8 2022 Jacob Barthelmeh <jacob@wolfssl.com>
+43 -20
View File
@@ -302,12 +302,18 @@ my @dilithium_5 = ( 1, 3, 6, 1, 4, 1, 2, 267, 12, 8, 7 );
my @mldsa_2 = ( 2, 16, 840, 1, 101, 3, 4, 3, 17 );
my @mldsa_3 = ( 2, 16, 840, 1, 101, 3, 4, 3, 18 );
my @mldsa_5 = ( 2, 16, 840, 1, 101, 3, 4, 3, 19 );
my @sphincs_fast_1 = ( 1, 3, 9999, 6, 7, 4 );
my @sphincs_fast_3 = ( 1, 3, 9999, 6, 8, 3 );
my @sphincs_fast_5 = ( 1, 3, 9999, 6, 9, 3 );
my @sphincs_small_1 = ( 1, 3, 9999, 6, 7, 10 );
my @sphincs_small_3 = ( 1, 3, 9999, 6, 8, 7 );
my @sphincs_small_5 = ( 1, 3, 9999, 6, 9, 7 );
my @slhdsa_sha2_128s = (2, 16, 840, 1, 101, 3, 4, 3, 20);
my @slhdsa_sha2_128f = (2, 16, 840, 1, 101, 3, 4, 3, 21);
my @slhdsa_sha2_192s = (2, 16, 840, 1, 101, 3, 4, 3, 22);
my @slhdsa_sha2_192f = (2, 16, 840, 1, 101, 3, 4, 3, 23);
my @slhdsa_sha2_256s = (2, 16, 840, 1, 101, 3, 4, 3, 24);
my @slhdsa_sha2_256f = (2, 16, 840, 1, 101, 3, 4, 3, 25);
my @slhdsa_shake_128s = (2, 16, 840, 1, 101, 3, 4, 3, 26);
my @slhdsa_shake_128f = (2, 16, 840, 1, 101, 3, 4, 3, 27);
my @slhdsa_shake_192s = (2, 16, 840, 1, 101, 3, 4, 3, 28);
my @slhdsa_shake_192f = (2, 16, 840, 1, 101, 3, 4, 3, 29);
my @slhdsa_shake_256s = (2, 16, 840, 1, 101, 3, 4, 3, 30);
my @slhdsa_shake_256f = (2, 16, 840, 1, 101, 3, 4, 3, 31);
my @keys = (
{ name => "ANON", oid => \@anon },
@@ -330,13 +336,18 @@ my @keys = (
{ name => "ML_DSA_LEVEL2", oid => \@mldsa_2 },
{ name => "ML_DSA_LEVEL3", oid => \@mldsa_3 },
{ name => "ML_DSA_LEVEL5", oid => \@mldsa_5 },
{ name => "SPHINCS_FAST_LEVEL1", oid => \@sphincs_fast_1 },
{ name => "SPHINCS_FAST_LEVEL3", oid => \@sphincs_fast_3,
oid_sum => 283 },
{ name => "SPHINCS_FAST_LEVEL5", oid => \@sphincs_fast_5 },
{ name => "SPHINCS_SMALL_LEVEL1", oid => \@sphincs_small_1 },
{ name => "SPHINCS_SMALL_LEVEL3", oid => \@sphincs_small_3 },
{ name => "SPHINCS_SMALL_LEVEL5", oid => \@sphincs_small_5 },
{ name => "SLH_DSA_SHA2_128S", oid => \@slhdsa_sha2_128s },
{ name => "SLH_DSA_SHA2_128F", oid => \@slhdsa_sha2_128f },
{ name => "SLH_DSA_SHA2_192S", oid => \@slhdsa_sha2_192s },
{ name => "SLH_DSA_SHA2_192F", oid => \@slhdsa_sha2_192f },
{ name => "SLH_DSA_SHA2_256S", oid => \@slhdsa_sha2_256s },
{ name => "SLH_DSA_SHA2_256F", oid => \@slhdsa_sha2_256f },
{ name => "SLH_DSA_SHAKE_128S", oid => \@slhdsa_shake_128s },
{ name => "SLH_DSA_SHAKE_128F", oid => \@slhdsa_shake_128f },
{ name => "SLH_DSA_SHAKE_192S", oid => \@slhdsa_shake_192s },
{ name => "SLH_DSA_SHAKE_192F", oid => \@slhdsa_shake_192f },
{ name => "SLH_DSA_SHAKE_256S", oid => \@slhdsa_shake_256s },
{ name => "SLH_DSA_SHAKE_256F", oid => \@slhdsa_shake_256f },
);
print_sum_enum("Key", "k", \@keys);
@@ -1126,17 +1137,29 @@ my @sig_types = (
same => 1 },
{ name => "CTC_ML_DSA_LEVEL5", oid => \@mldsa_5,
same => 1 },
{ name => "CTC_SPHINCS_FAST_LEVEL1", oid => \@sphincs_fast_1,
{ name => "CTC_SLH_DSA_SHA2_128S", oid => \@slhdsa_sha2_128s,
same => 1 },
{ name => "CTC_SPHINCS_FAST_LEVEL3", oid => \@sphincs_fast_3,
same => 1, oid_sum => 283 },
{ name => "CTC_SPHINCS_FAST_LEVEL5", oid => \@sphincs_fast_5,
{ name => "CTC_SLH_DSA_SHA2_128F", oid => \@slhdsa_sha2_128f,
same => 1 },
{ name => "CTC_SPHINCS_SMALL_LEVEL1", oid => \@sphincs_small_1,
{ name => "CTC_SLH_DSA_SHA2_192S", oid => \@slhdsa_sha2_192s,
same => 1 },
{ name => "CTC_SPHINCS_SMALL_LEVEL3", oid => \@sphincs_small_3,
{ name => "CTC_SLH_DSA_SHA2_192F", oid => \@slhdsa_sha2_192f,
same => 1 },
{ name => "CTC_SPHINCS_SMALL_LEVEL5", oid => \@sphincs_small_5,
{ name => "CTC_SLH_DSA_SHA2_256S", oid => \@slhdsa_sha2_256s,
same => 1 },
{ name => "CTC_SLH_DSA_SHA2_256F", oid => \@slhdsa_sha2_256f,
same => 1 },
{ name => "CTC_SLH_DSA_SHAKE_128S", oid => \@slhdsa_shake_128s,
same => 1 },
{ name => "CTC_SLH_DSA_SHAKE_128F", oid => \@slhdsa_shake_128f,
same => 1 },
{ name => "CTC_SLH_DSA_SHAKE_192S", oid => \@slhdsa_shake_192s,
same => 1 },
{ name => "CTC_SLH_DSA_SHAKE_192F", oid => \@slhdsa_shake_192f,
same => 1 },
{ name => "CTC_SLH_DSA_SHAKE_256S", oid => \@slhdsa_shake_256s,
same => 1 },
{ name => "CTC_SLH_DSA_SHAKE_256F", oid => \@slhdsa_shake_256f,
same => 1 },
);
-1
View File
@@ -1978,7 +1978,6 @@ endif
if BUILD_LIBOQS
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/falcon.c
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sphincs.c
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/liboqs/liboqs.c
endif
-3
View File
@@ -118,9 +118,6 @@
#if defined(HAVE_DILITHIUM)
#include <wolfssl/wolfcrypt/dilithium.h>
#endif /* HAVE_DILITHIUM */
#if defined(HAVE_SPHINCS)
#include <wolfssl/wolfcrypt/sphincs.h>
#endif /* HAVE_SPHINCS */
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL)
#ifdef HAVE_OCSP
#include <wolfssl/openssl/ocsp.h>
+49 -54
View File
@@ -12179,8 +12179,8 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
#if defined(HAVE_DILITHIUM)
dilithium_key* dilithium = NULL;
#endif
#if defined(HAVE_SPHINCS)
sphincs_key* sphincs = NULL;
#if defined(WOLFSSL_HAVE_SLHDSA)
SlhDsaKey* slhdsa = NULL;
#endif
WC_RNG rng;
word32 idx = 0;
@@ -12411,63 +12411,58 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
key = (void*)dilithium;
}
#endif
#if defined(HAVE_SPHINCS)
if ((x509->pubKeyOID == SPHINCS_FAST_LEVEL1k) ||
(x509->pubKeyOID == SPHINCS_FAST_LEVEL3k) ||
(x509->pubKeyOID == SPHINCS_FAST_LEVEL5k) ||
(x509->pubKeyOID == SPHINCS_SMALL_LEVEL1k) ||
(x509->pubKeyOID == SPHINCS_SMALL_LEVEL3k) ||
(x509->pubKeyOID == SPHINCS_SMALL_LEVEL5k)) {
sphincs = (sphincs_key*)XMALLOC(sizeof(sphincs_key), NULL,
DYNAMIC_TYPE_SPHINCS);
if (sphincs == NULL) {
WOLFSSL_MSG("Failed to allocate memory for sphincs_key");
#if defined(WOLFSSL_HAVE_SLHDSA)
if (wc_IsSlhDsaOid(x509->pubKeyOID)) {
int paramInt = wc_SlhDsaOidToParam(x509->pubKeyOID);
int certType = wc_SlhDsaOidToCertType(x509->pubKeyOID);
/* The OID is a recognised SLH-DSA OID but the parameter set
* isn't built in; surface NOT_COMPILED_IN directly so
* callers can render an accurate diagnostic. */
if (paramInt == WC_NO_ERR_TRACE(NOT_COMPILED_IN) ||
certType == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
WOLFSSL_MSG("SLH-DSA variant not compiled in");
XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
return NOT_COMPILED_IN;
}
/* Defensive: wc_IsSlhDsaOid already implies both lookups
* succeed, but check explicitly so any future drift between the
* three OID helpers surfaces as a clean failure rather than
* undefined behaviour from casting -1 to enum SlhDsaParam. */
if (paramInt < 0 || certType < 0) {
WOLFSSL_MSG("SLH-DSA OID helper mismatch");
XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
return WOLFSSL_FAILURE;
}
ret = wc_sphincs_init(sphincs);
slhdsa = (SlhDsaKey*)XMALLOC(sizeof(SlhDsaKey), NULL,
DYNAMIC_TYPE_SLHDSA);
if (slhdsa == NULL) {
WOLFSSL_MSG("Failed to allocate memory for SlhDsaKey");
XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
return WOLFSSL_FAILURE;
}
type = certType;
ret = wc_SlhDsaKey_Init(slhdsa, (enum SlhDsaParam)paramInt, NULL,
INVALID_DEVID);
if (ret != 0) {
XFREE(sphincs, NULL, DYNAMIC_TYPE_SPHINCS);
XFREE(slhdsa, NULL, DYNAMIC_TYPE_SLHDSA);
XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
return ret;
}
if (x509->pubKeyOID == SPHINCS_FAST_LEVEL1k) {
type = SPHINCS_FAST_LEVEL1_TYPE;
wc_sphincs_set_level_and_optim(sphincs, 1, FAST_VARIANT);
}
else if (x509->pubKeyOID == SPHINCS_FAST_LEVEL3k) {
type = SPHINCS_FAST_LEVEL3_TYPE;
wc_sphincs_set_level_and_optim(sphincs, 3, FAST_VARIANT);
}
else if (x509->pubKeyOID == SPHINCS_FAST_LEVEL3k) {
type = SPHINCS_FAST_LEVEL5_TYPE;
wc_sphincs_set_level_and_optim(sphincs, 5, FAST_VARIANT);
}
else if (x509->pubKeyOID == SPHINCS_SMALL_LEVEL1k) {
type = SPHINCS_SMALL_LEVEL1_TYPE;
wc_sphincs_set_level_and_optim(sphincs, 1, SMALL_VARIANT);
}
else if (x509->pubKeyOID == SPHINCS_SMALL_LEVEL3k) {
type = SPHINCS_SMALL_LEVEL3_TYPE;
wc_sphincs_set_level_and_optim(sphincs, 3, SMALL_VARIANT);
}
else if (x509->pubKeyOID == SPHINCS_SMALL_LEVEL3k) {
type = SPHINCS_SMALL_LEVEL5_TYPE;
wc_sphincs_set_level_and_optim(sphincs, 5, SMALL_VARIANT);
}
ret = wc_Sphincs_PublicKeyDecode(x509->pubKey.buffer, &idx, sphincs,
x509->pubKey.length);
ret = wc_SlhDsaKey_PublicKeyDecode(x509->pubKey.buffer, &idx,
slhdsa, x509->pubKey.length);
if (ret != 0) {
WOLFSSL_ERROR_VERBOSE(ret);
wc_sphincs_free(sphincs);
XFREE(sphincs, NULL, DYNAMIC_TYPE_SPHINCS);
wc_SlhDsaKey_Free(slhdsa);
XFREE(slhdsa, NULL, DYNAMIC_TYPE_SLHDSA);
XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
return ret;
}
key = (void*)sphincs;
key = (void*)slhdsa;
}
#endif
if (key == NULL) {
@@ -12591,15 +12586,15 @@ cleanup:
XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM);
}
#endif
#if defined(HAVE_SPHINCS)
if ((x509->pubKeyOID == SPHINCS_FAST_LEVEL1k) ||
(x509->pubKeyOID == SPHINCS_FAST_LEVEL3k) ||
(x509->pubKeyOID == SPHINCS_FAST_LEVEL5k) ||
(x509->pubKeyOID == SPHINCS_SMALL_LEVEL1k) ||
(x509->pubKeyOID == SPHINCS_SMALL_LEVEL3k) ||
(x509->pubKeyOID == SPHINCS_SMALL_LEVEL5k)) {
wc_sphincs_free(sphincs);
XFREE(sphincs, NULL, DYNAMIC_TYPE_SPHINCS);
#if defined(WOLFSSL_HAVE_SLHDSA)
/* wc_IsSlhDsaOid returns 1 even for OIDs whose backend is
* NOT_COMPILED_IN; the early-return at the top of the SLH-DSA
* branch keeps slhdsa==NULL in that case. Guard the cleanup so
* future restructuring (a goto cleanup from inside the
* unbuilt-variant handler) cannot dereference a NULL key. */
if (wc_IsSlhDsaOid(x509->pubKeyOID) && slhdsa != NULL) {
wc_SlhDsaKey_Free(slhdsa);
XFREE(slhdsa, NULL, DYNAMIC_TYPE_SLHDSA);
}
#endif
XFREE(cert, NULL, DYNAMIC_TYPE_CERT);
+1627 -271
View File
File diff suppressed because it is too large Load Diff
+13 -1
View File
@@ -33,6 +33,12 @@ int test_wc_slhdsa_sign_vfy(void);
int test_wc_slhdsa_sign_hash(void);
int test_wc_slhdsa_export_import(void);
int test_wc_slhdsa_check_key(void);
int test_wc_slhdsa_der_roundtrip(void);
int test_wc_slhdsa_der_negative(void);
int test_wc_slhdsa_der_decode_files(void);
int test_wc_slhdsa_x509_i2d_roundtrip(void);
int test_wc_slhdsa_param_disabled(void);
int test_wc_slhdsa_decoder_disabled_oid(void);
#define TEST_SLHDSA_DECLS \
TEST_DECL_GROUP("slhdsa", test_wc_slhdsa), \
@@ -43,6 +49,12 @@ int test_wc_slhdsa_check_key(void);
TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_sign_vfy), \
TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_sign_hash), \
TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_export_import), \
TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_check_key)
TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_check_key), \
TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_der_roundtrip), \
TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_der_negative), \
TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_der_decode_files), \
TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_x509_i2d_roundtrip), \
TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_param_disabled), \
TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_decoder_disabled_oid)
#endif /* WOLFCRYPT_TEST_SLHDSA_H */
+3
View File
@@ -36,6 +36,9 @@ EXTRA_DIST += tests/unit.h \
tests/test-tls13-pq-standalone.conf \
tests/test-tls13-pq-hybrid.conf \
tests/test-tls13-pq-hybrid-extra.conf \
tests/test-tls13-slhdsa-shake.conf \
tests/test-tls13-slhdsa-sha2.conf \
tests/test-tls13-slhdsa-fail.conf \
tests/test-dtls13-pq-standalone.conf \
tests/test-dtls13-pq-standalone-frag.conf \
tests/test-dtls13-pq-hybrid-frag.conf \
+44
View File
@@ -1262,6 +1262,50 @@ int SuiteTest(int argc, char** argv)
goto exit;
}
#endif
#if defined(WOLFSSL_HAVE_SLHDSA) && defined(HAVE_DILITHIUM) && \
defined(WOLFSSL_SLHDSA_PARAM_128S) && \
defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_ML_DSA_44)
/* SLH-DSA-SHAKE-128s root + ML-DSA-44 entity cert tests (TLS 1.3) */
XSTRLCPY(argv0[1], "tests/test-tls13-slhdsa-shake.conf",
sizeof(argv0[1]));
printf("starting TLSv13 SLH-DSA-SHAKE-128s root + ML-DSA-44 entity tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
/* Negative: client trusting an unrelated CA must reject the
* SLH-DSA-rooted server chain. */
args.argc = 3;
XSTRLCPY(argv0[1], "tests/test-tls13-slhdsa-fail.conf",
sizeof(argv0[1]));
XSTRLCPY(argv0[2], "expFail", sizeof(argv0[2]));
printf("starting TLSv13 SLH-DSA wrong-CA tests that expect failure\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
XSTRLCPY(argv0[2], "", sizeof(argv0[2]));
args.argc = 2;
#endif
#if defined(WOLFSSL_HAVE_SLHDSA) && defined(WOLFSSL_SLHDSA_SHA2) && \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_128S) && defined(HAVE_DILITHIUM) && \
defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_ML_DSA_44)
/* SLH-DSA-SHA2-128s root + ML-DSA-44 entity cert tests (TLS 1.3) */
XSTRLCPY(argv0[1], "tests/test-tls13-slhdsa-sha2.conf",
sizeof(argv0[1]));
printf("starting TLSv13 SLH-DSA-SHA2-128s root + ML-DSA-44 entity tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#if defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && \
(defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
/* add P-521 certificate cipher suite tests */
+18
View File
@@ -0,0 +1,18 @@
# Negative test: client trusts an unrelated CA (not the SLH-DSA root used to
# sign the server's chain), so the SLH-DSA root signature on the server's
# certificate path must not chain to a trusted issuer and the handshake
# must fail. Run with `expFail` so the harness expects each scenario here
# to fail rather than succeed.
# server TLSv1.3 — serves chain rooted at SLH-DSA-SHAKE-128s
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/slhdsa/server-mldsa44-shake.pem
-k ./certs/slhdsa/server-mldsa44-priv.pem
-d
-x
# client TLSv1.3 — trusts an unrelated RSA CA, must reject the server chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
+40
View File
@@ -0,0 +1,40 @@
# SLH-DSA-SHA2-128s root, ML-DSA-44 entity certs (TLS 1.3 only).
#
# Requires the SHA2 SLH-DSA family to be enabled at build time, e.g.:
# ./configure --enable-slhdsa=yes,sha2 --enable-mldsa
# Plain `--enable-slhdsa` enables only the SHAKE family, in which case
# the dispatch in tests/suites.c gates this file out and it is not run.
#
# Server-auth scenario.
# server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/slhdsa/server-mldsa44-sha2.pem
-k ./certs/slhdsa/server-mldsa44-priv.pem
-d
# client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/slhdsa/root-slhdsa-sha2-128s.pem
-C
# Mutual-auth scenario.
# server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/slhdsa/server-mldsa44-sha2.pem
-k ./certs/slhdsa/server-mldsa44-priv.pem
-A ./certs/slhdsa/root-slhdsa-sha2-128s.pem
-V
# Remove -V when CRL for SLH-DSA root certificates available.
# client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/slhdsa/client-mldsa44-sha2.pem
-k ./certs/slhdsa/client-mldsa44-priv.pem
-A ./certs/slhdsa/root-slhdsa-sha2-128s.pem
-C
+35
View File
@@ -0,0 +1,35 @@
# SLH-DSA-SHAKE-128s root, ML-DSA-44 entity certs (TLS 1.3 only).
#
# Server-auth scenario.
# server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/slhdsa/server-mldsa44-shake.pem
-k ./certs/slhdsa/server-mldsa44-priv.pem
-d
# client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/slhdsa/root-slhdsa-shake-128s.pem
-C
# Mutual-auth scenario.
# server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/slhdsa/server-mldsa44-shake.pem
-k ./certs/slhdsa/server-mldsa44-priv.pem
-A ./certs/slhdsa/root-slhdsa-shake-128s.pem
-V
# Remove -V when CRL for SLH-DSA root certificates available.
# client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/slhdsa/client-mldsa44-shake.pem
-k ./certs/slhdsa/client-mldsa44-priv.pem
-A ./certs/slhdsa/root-slhdsa-shake-128s.pem
-C
+12 -233
View File
@@ -193,9 +193,6 @@
#if defined(HAVE_DILITHIUM)
#include <wolfssl/wolfcrypt/dilithium.h>
#endif
#if defined(HAVE_SPHINCS)
#include <wolfssl/wolfcrypt/sphincs.h>
#endif
#ifdef WOLF_CRYPTO_CB
#include <wolfssl/wolfcrypt/cryptocb.h>
@@ -929,13 +926,6 @@ static WC_INLINE void bench_append_memory_info(char* buffer, size_t size,
BENCH_ML_DSA_65_SIGN | \
BENCH_ML_DSA_87_SIGN)
/* Post-Quantum Asymmetric algorithms. (Part 2) */
#define BENCH_SPHINCS_FAST_LEVEL1_SIGN 0x00000001
#define BENCH_SPHINCS_FAST_LEVEL3_SIGN 0x00000002
#define BENCH_SPHINCS_FAST_LEVEL5_SIGN 0x00000004
#define BENCH_SPHINCS_SMALL_LEVEL1_SIGN 0x00000008
#define BENCH_SPHINCS_SMALL_LEVEL3_SIGN 0x00000010
#define BENCH_SPHINCS_SMALL_LEVEL5_SIGN 0x00000020
/* Post-Quantum Stateful Hash-Based sig algorithms. */
#define BENCH_LMS_HSS 0x00000001
@@ -1031,8 +1021,6 @@ static word32 bench_kdf_algs = 0;
static word32 bench_asym_algs = 0;
/* Post-Quantum Asymmetric algorithms to benchmark. */
static word32 bench_pq_asym_algs = 0;
/* Post-Quantum Asymmetric algorithms to benchmark. (Part 2)*/
static word32 bench_pq_asym_algs2 = 0;
/* Other cryptographic algorithms to benchmark. */
static word32 bench_other_algs = 0;
/* Post-Quantum Stateful Hash-Based sig algorithms to benchmark. */
@@ -1371,7 +1359,7 @@ static const bench_pq_hash_sig_alg bench_pq_hash_sig_opt[] = {
#if !defined(WOLFSSL_BENCHMARK_ALL) && !defined(MAIN_NO_ARGS)
#if defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_FALCON) || \
defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)
defined(HAVE_DILITHIUM)
/* The post-quantum-specific mapping of command line option to bit values and
* OQS name. */
typedef struct bench_pq_alg {
@@ -1410,21 +1398,6 @@ static const bench_pq_alg bench_pq_asym_opt[] = {
#endif
{ NULL, 0 }
};
#if defined(HAVE_SPHINCS)
/* All recognized post-quantum asymmetric algorithm choosing command line
* options. (Part 2) */
static const bench_pq_alg bench_pq_asym_opt2[] = {
{ "-pq", 0xffffffff },
{ "-sphincs_fast_level1", BENCH_SPHINCS_FAST_LEVEL1_SIGN },
{ "-sphincs_fast_level3", BENCH_SPHINCS_FAST_LEVEL3_SIGN },
{ "-sphincs_fast_level5", BENCH_SPHINCS_FAST_LEVEL5_SIGN },
{ "-sphincs_small_level1", BENCH_SPHINCS_SMALL_LEVEL1_SIGN },
{ "-sphincs_small_level3", BENCH_SPHINCS_SMALL_LEVEL3_SIGN },
{ "-sphincs_small_level5", BENCH_SPHINCS_SMALL_LEVEL5_SIGN },
{ NULL, 0, }
};
#endif /* HAVE_SPHINCS */
#endif
#endif
@@ -4754,20 +4727,6 @@ static void* benchmarks_do(void* args)
bench_dilithiumKeySign(5);
#endif
#endif
#ifdef HAVE_SPHINCS
if (bench_all || (bench_pq_asym_algs2 & BENCH_SPHINCS_FAST_LEVEL1_SIGN))
bench_sphincsKeySign(1, FAST_VARIANT);
if (bench_all || (bench_pq_asym_algs2 & BENCH_SPHINCS_FAST_LEVEL3_SIGN))
bench_sphincsKeySign(3, FAST_VARIANT);
if (bench_all || (bench_pq_asym_algs2 & BENCH_SPHINCS_FAST_LEVEL5_SIGN))
bench_sphincsKeySign(5, FAST_VARIANT);
if (bench_all || (bench_pq_asym_algs2 & BENCH_SPHINCS_SMALL_LEVEL1_SIGN))
bench_sphincsKeySign(1, SMALL_VARIANT);
if (bench_all || (bench_pq_asym_algs2 & BENCH_SPHINCS_SMALL_LEVEL3_SIGN))
bench_sphincsKeySign(3, SMALL_VARIANT);
if (bench_all || (bench_pq_asym_algs2 & BENCH_SPHINCS_SMALL_LEVEL5_SIGN))
bench_sphincsKeySign(5, SMALL_VARIANT);
#endif
#ifndef WC_NO_RNG
if (bench_all || (bench_other_algs & BENCH_RNG_INIT))
@@ -4803,7 +4762,6 @@ exit:
(void)bench_asym_algs;
(void)bench_other_algs;
(void)bench_pq_asym_algs;
(void)bench_pq_asym_algs2;
return NULL;
}
@@ -12615,7 +12573,7 @@ void bench_xmss(int hash)
#endif /* if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY) */
#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY)
void bench_slhdsa(enum SlhDsaParam param)
void bench_slhdsa(int param)
{
int ret = 0, count = 0;
double start = 0;
@@ -12644,22 +12602,25 @@ void bench_slhdsa(enum SlhDsaParam param)
WC_ALLOC_VAR_EX(sig, byte, WC_SLHDSA_MAX_SIG_LEN, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER, goto exit);
ret = wc_SlhDsaKey_Init(key, param, NULL, INVALID_DEVID);
ret = wc_SlhDsaKey_Init(key, (enum SlhDsaParam)param, NULL, INVALID_DEVID);
if (ret != 0) {
goto exit;
}
len = wc_SlhDsaKey_PublicSize(key) / 2 * 8;
if (SLHDSA_IS_SHA2(param)) {
if (SLHDSA_IS_SHA2((enum SlhDsaParam)param)) {
XMEMCPY(name, "SLH-DSA-SHA2-S", 15);
if ((param & 1) == 1) {
name[13] = 'F';
}
}
else {
XMEMCPY(name, "SLH-DSA-S", 10);
/* SHAKE family: include the SHAKE token explicitly so output rows
* are symmetric with the SHA2 branch (e.g. "SLH-DSA-SHAKE-S" /
* "SLH-DSA-SHAKE-F" rather than the previous "SLH-DSA-S"). */
XMEMCPY(name, "SLH-DSA-SHAKE-S", 16);
if ((param & 1) == 1) {
name[8] = 'F';
name[14] = 'F';
}
}
@@ -12703,7 +12664,7 @@ void bench_slhdsa(enum SlhDsaParam param)
goto exit;
}
ret = wc_SlhDsaKey_Init(key_vfy, param, NULL, INVALID_DEVID);
ret = wc_SlhDsaKey_Init(key_vfy, (enum SlhDsaParam)param, NULL, INVALID_DEVID);
if (ret != 0) {
goto exit;
}
@@ -16353,165 +16314,6 @@ out:
}
#endif /* HAVE_DILITHIUM && !WC_NO_RNG */
#ifdef HAVE_SPHINCS
void bench_sphincsKeySign(byte level, byte optim)
{
int ret = 0;
sphincs_key key;
double start;
int i, count;
byte sig[SPHINCS_MAX_SIG_SIZE];
byte msg[512];
word32 x = 0;
const char**desc = bench_desc_words[lng_index];
DECLARE_MULTI_VALUE_STATS_VARS()
bench_stats_prepare();
ret = wc_sphincs_init(&key);
if (ret != 0) {
printf("wc_sphincs_init failed %d\n", ret);
return;
}
ret = wc_sphincs_set_level_and_optim(&key, level, optim);
if (ret != 0) {
printf("wc_sphincs_set_level_and_optim() failed %d\n", ret);
}
if (ret == 0) {
ret = -1;
if ((level == 1) && (optim == FAST_VARIANT)) {
ret = wc_sphincs_import_private_key(bench_sphincs_fast_level1_key,
sizeof_bench_sphincs_fast_level1_key, NULL, 0, &key);
}
else if ((level == 3) && (optim == FAST_VARIANT)) {
ret = wc_sphincs_import_private_key(bench_sphincs_fast_level3_key,
sizeof_bench_sphincs_fast_level3_key, NULL, 0, &key);
}
else if ((level == 5) && (optim == FAST_VARIANT)) {
ret = wc_sphincs_import_private_key(bench_sphincs_fast_level5_key,
sizeof_bench_sphincs_fast_level5_key, NULL, 0, &key);
}
else if ((level == 1) && (optim == SMALL_VARIANT)) {
ret = wc_sphincs_import_private_key(
bench_sphincs_small_level1_key,
sizeof_bench_sphincs_small_level1_key, NULL, 0, &key);
}
else if ((level == 3) && (optim == SMALL_VARIANT)) {
ret = wc_sphincs_import_private_key(
bench_sphincs_small_level3_key,
sizeof_bench_sphincs_small_level3_key, NULL, 0, &key);
}
else if ((level == 5) && (optim == SMALL_VARIANT)) {
ret = wc_sphincs_import_private_key(
bench_sphincs_small_level5_key,
sizeof_bench_sphincs_small_level5_key, NULL, 0, &key);
}
if (ret != 0) {
printf("wc_sphincs_import_private_key failed %d\n", ret);
}
}
/* make dummy msg */
for (i = 0; i < (int)sizeof(msg); i++) {
msg[i] = (byte)i;
}
bench_stats_start(&count, &start);
do {
for (i = 0; i < agreeTimes; i++) {
if (ret == 0) {
if ((level == 1) && (optim == FAST_VARIANT)) {
x = SPHINCS_FAST_LEVEL1_SIG_SIZE;
}
else if ((level == 3) && (optim == FAST_VARIANT)) {
x = SPHINCS_FAST_LEVEL3_SIG_SIZE;
}
else if ((level == 5) && (optim == FAST_VARIANT)) {
x = SPHINCS_FAST_LEVEL5_SIG_SIZE;
}
else if ((level == 1) && (optim == SMALL_VARIANT)) {
x = SPHINCS_SMALL_LEVEL1_SIG_SIZE;
}
else if ((level == 3) && (optim == SMALL_VARIANT)) {
x = SPHINCS_SMALL_LEVEL3_SIG_SIZE;
}
else if ((level == 5) && (optim == SMALL_VARIANT)) {
x = SPHINCS_SMALL_LEVEL5_SIG_SIZE;
}
ret = wc_sphincs_sign_msg(msg, sizeof(msg), sig, &x, &key, GLOBAL_RNG);
if (ret != 0) {
printf("wc_sphincs_sign_msg failed\n");
}
}
RECORD_MULTI_VALUE_STATS();
}
count += i;
} while (bench_stats_check(start)
#ifdef MULTI_VALUE_STATISTICS
|| runs < minimum_runs
#endif
);
if (ret == 0) {
if (optim == FAST_VARIANT) {
bench_stats_asym_finish("SPHINCS-FAST", level, desc[4], 0, count,
start, ret);
}
else {
bench_stats_asym_finish("SPHINCS-SMALL", level, desc[4], 0, count,
start, ret);
}
#ifdef MULTI_VALUE_STATISTICS
bench_multi_value_stats(max, min, sum, squareSum, runs);
#endif
}
RESET_MULTI_VALUE_STATS_VARS();
bench_stats_start(&count, &start);
do {
for (i = 0; i < agreeTimes; i++) {
if (ret == 0) {
int verify = 0;
ret = wc_sphincs_verify_msg(sig, x, msg, sizeof(msg), &verify,
&key);
if (ret != 0 || verify != 1) {
printf("wc_sphincs_verify_msg failed %d, verify %d\n",
ret, verify);
ret = -1;
}
}
RECORD_MULTI_VALUE_STATS();
}
count += i;
} while (bench_stats_check(start)
#ifdef MULTI_VALUE_STATISTICS
|| runs < minimum_runs
#endif
);
if (ret == 0) {
if (optim == FAST_VARIANT) {
bench_stats_asym_finish("SPHINCS-FAST", level, desc[5], 0, count,
start, ret);
}
else {
bench_stats_asym_finish("SPHINCS-SMALL", level, desc[5], 0, count,
start, ret);
}
#ifdef MULTI_VALUE_STATISTICS
bench_multi_value_stats(max, min, sum, squareSum, runs);
#endif
}
wc_sphincs_free(&key);
}
#endif /* HAVE_SPHINCS */
#if defined(_WIN32) && !defined(INTIME_RTOS)
@@ -17155,13 +16957,9 @@ static void Usage(void)
for (i=0; bench_other_opt[i].str != NULL; i++)
print_alg(bench_other_opt[i].str, &line);
#if defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_FALCON) || \
defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)
defined(HAVE_DILITHIUM)
for (i=0; bench_pq_asym_opt[i].str != NULL; i++)
print_alg(bench_pq_asym_opt[i].str, &line);
#if defined(HAVE_SPHINCS)
for (i=0; bench_pq_asym_opt2[i].str != NULL; i++)
print_alg(bench_pq_asym_opt2[i].str, &line);
#endif /* HAVE_SPHINCS */
#endif
#if defined(BENCH_PQ_STATEFUL_HBS)
for (i=0; bench_pq_hash_sig_opt[i].str != NULL; i++)
@@ -17460,7 +17258,7 @@ int wolfcrypt_benchmark_main(int argc, char** argv)
}
}
#if defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_FALCON) || \
defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)
defined(HAVE_DILITHIUM)
/* Known asymmetric post-quantum algorithms */
for (i=0; !optMatched && bench_pq_asym_opt[i].str != NULL; i++) {
if (string_matches(argv[1], bench_pq_asym_opt[i].str)) {
@@ -17469,25 +17267,6 @@ int wolfcrypt_benchmark_main(int argc, char** argv)
optMatched = 1;
}
}
#ifdef HAVE_SPHINCS
/* Both bench_pq_asym_opt and bench_pq_asym_opt2 are looking for
* -pq, so we need to do a special case for -pq since optMatched
* was set to 1 just above. */
if ((bench_pq_asym_opt[0].str != NULL) &&
string_matches(argv[1], bench_pq_asym_opt[0].str))
{
bench_pq_asym_algs2 |= bench_pq_asym_opt2[0].val;
bench_all = 0;
optMatched = 1;
}
for (i=1; !optMatched && bench_pq_asym_opt2[i].str != NULL; i++) {
if (string_matches(argv[1], bench_pq_asym_opt2[i].str)) {
bench_pq_asym_algs2 |= bench_pq_asym_opt2[i].val;
bench_all = 0;
optMatched = 1;
}
}
#endif
#endif
/* Other known cryptographic algorithms */
for (i=0; !optMatched && bench_other_opt[i].str != NULL; i++) {
+1 -4
View File
@@ -105,9 +105,7 @@ void bench_dh(int useDeviceID);
void bench_mlkem(int type);
void bench_lms(void);
void bench_xmss(int hash);
#ifdef WOLFSSL_HAVE_SLHDSA
void bench_slhdsa(enum SlhDsaParam param);
#endif
void bench_slhdsa(int param);
void bench_ecc_curve(int curveId);
void bench_eccMakeKey(int useDeviceID, int curveId);
void bench_ecc(int useDeviceID, int curveId);
@@ -143,7 +141,6 @@ void bench_ascon_hash(void);
void bench_pbkdf2(void);
void bench_falconKeySign(byte level);
void bench_dilithiumKeySign(byte level);
void bench_sphincsKeySign(byte level, byte optim);
void bench_stats_print(void);
+883 -714
View File
File diff suppressed because it is too large Load Diff
+58 -68
View File
@@ -5981,7 +5981,7 @@ static int SetValidity(byte* output, int daysValid)
static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
WC_RNG* rng, DsaKey* dsaKey, ed25519_key* ed25519Key,
ed448_key* ed448Key, falcon_key* falconKey,
dilithium_key* dilithiumKey, sphincs_key* sphincsKey)
dilithium_key* dilithiumKey, SlhDsaKey* slhDsaKey)
{
int ret;
@@ -5991,7 +5991,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
/* make sure at least one key type is provided */
if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL &&
dsaKey == NULL && ed448Key == NULL && falconKey == NULL &&
dilithiumKey == NULL && sphincsKey == NULL) {
dilithiumKey == NULL && slhDsaKey == NULL) {
return PUBLIC_KEY_E;
}
@@ -6097,21 +6097,30 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
(word32)sizeof(der->publicKey), 1);
}
#endif /* HAVE_DILITHIUM */
#if defined(HAVE_SPHINCS)
if ((cert->keyType == SPHINCS_FAST_LEVEL1_KEY) ||
(cert->keyType == SPHINCS_FAST_LEVEL3_KEY) ||
(cert->keyType == SPHINCS_FAST_LEVEL5_KEY) ||
(cert->keyType == SPHINCS_SMALL_LEVEL1_KEY) ||
(cert->keyType == SPHINCS_SMALL_LEVEL3_KEY) ||
(cert->keyType == SPHINCS_SMALL_LEVEL5_KEY)) {
if (sphincsKey == NULL)
#if defined(WOLFSSL_HAVE_SLHDSA)
if ((cert->keyType == SLH_DSA_SHAKE_128F_KEY) ||
(cert->keyType == SLH_DSA_SHAKE_192F_KEY) ||
(cert->keyType == SLH_DSA_SHAKE_256F_KEY) ||
(cert->keyType == SLH_DSA_SHAKE_128S_KEY) ||
(cert->keyType == SLH_DSA_SHAKE_192S_KEY) ||
(cert->keyType == SLH_DSA_SHAKE_256S_KEY)
#ifdef WOLFSSL_SLHDSA_SHA2
|| (cert->keyType == SLH_DSA_SHA2_128F_KEY) ||
(cert->keyType == SLH_DSA_SHA2_192F_KEY) ||
(cert->keyType == SLH_DSA_SHA2_256F_KEY) ||
(cert->keyType == SLH_DSA_SHA2_128S_KEY) ||
(cert->keyType == SLH_DSA_SHA2_192S_KEY) ||
(cert->keyType == SLH_DSA_SHA2_256S_KEY)
#endif
) {
if (slhDsaKey == NULL)
return PUBLIC_KEY_E;
der->publicKeySz =
wc_Sphincs_PublicKeyToDer(sphincsKey, der->publicKey,
wc_SlhDsaKey_PublicKeyToDer(slhDsaKey, der->publicKey,
(word32)sizeof(der->publicKey), 1);
}
#endif /* HAVE_SPHINCS */
#endif /* WOLFSSL_HAVE_SLHDSA */
if (der->publicKeySz <= 0)
return PUBLIC_KEY_E;
@@ -6571,7 +6580,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng,
DsaKey* dsaKey, ed25519_key* ed25519Key,
ed448_key* ed448Key, falcon_key* falconKey,
dilithium_key* dilithiumKey, sphincs_key* sphincsKey)
dilithium_key* dilithiumKey, SlhDsaKey* slhDsaKey)
{
int ret;
WC_DECLARE_VAR(der, DerCert, 1, 0);
@@ -6623,26 +6632,12 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
cert->keyType = ML_DSA_LEVEL5_KEY;
}
#endif /* HAVE_DILITHIUM */
#ifdef HAVE_SPHINCS
else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
&& (sphincsKey->optim == FAST_VARIANT))
cert->keyType = SPHINCS_FAST_LEVEL1_KEY;
else if ((sphincsKey != NULL) && (sphincsKey->level == 3)
&& (sphincsKey->optim == FAST_VARIANT))
cert->keyType = SPHINCS_FAST_LEVEL3_KEY;
else if ((sphincsKey != NULL) && (sphincsKey->level == 5)
&& (sphincsKey->optim == FAST_VARIANT))
cert->keyType = SPHINCS_FAST_LEVEL5_KEY;
else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
&& (sphincsKey->optim == SMALL_VARIANT))
cert->keyType = SPHINCS_SMALL_LEVEL1_KEY;
else if ((sphincsKey != NULL) && (sphincsKey->level == 3)
&& (sphincsKey->optim == SMALL_VARIANT))
cert->keyType = SPHINCS_SMALL_LEVEL3_KEY;
else if ((sphincsKey != NULL) && (sphincsKey->level == 5)
&& (sphincsKey->optim == SMALL_VARIANT))
cert->keyType = SPHINCS_SMALL_LEVEL5_KEY;
#endif /* HAVE_SPHINCS */
#ifdef WOLFSSL_HAVE_SLHDSA
else if ((slhDsaKey != NULL) && (slhDsaKey->params != NULL) &&
(SlhDsaParamToKeyType(slhDsaKey->params->param) != 0)) {
cert->keyType = SlhDsaParamToKeyType(slhDsaKey->params->param);
}
#endif /* WOLFSSL_HAVE_SLHDSA */
else
return BAD_FUNC_ARG;
@@ -6650,7 +6645,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
return MEMORY_E);
ret = EncodeCert(cert, der, rsaKey, eccKey, rng, dsaKey, ed25519Key,
ed448Key, falconKey, dilithiumKey, sphincsKey);
ed448Key, falconKey, dilithiumKey, slhDsaKey);
if (ret == 0) {
if (der->total + MAX_SEQ_SZ * 2 > (int)derSz)
ret = BUFFER_E;
@@ -6826,7 +6821,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
DsaKey* dsaKey, ecc_key* eccKey,
ed25519_key* ed25519Key, ed448_key* ed448Key,
falcon_key* falconKey, dilithium_key* dilithiumKey,
sphincs_key* sphincsKey)
SlhDsaKey* slhDsaKey)
{
int ret;
@@ -6835,14 +6830,14 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
(void)ed448Key;
(void)falconKey;
(void)dilithiumKey;
(void)sphincsKey;
(void)slhDsaKey;
if (cert == NULL || der == NULL)
return BAD_FUNC_ARG;
if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL &&
dsaKey == NULL && ed448Key == NULL && falconKey == NULL &&
dilithiumKey == NULL && sphincsKey == NULL) {
dilithiumKey == NULL && slhDsaKey == NULL) {
return PUBLIC_KEY_E;
}
@@ -6949,16 +6944,25 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
der->publicKey, (word32)sizeof(der->publicKey), 1);
}
#endif
#if defined(HAVE_SPHINCS)
if ((cert->keyType == SPHINCS_FAST_LEVEL1_KEY) ||
(cert->keyType == SPHINCS_FAST_LEVEL3_KEY) ||
(cert->keyType == SPHINCS_FAST_LEVEL5_KEY) ||
(cert->keyType == SPHINCS_SMALL_LEVEL1_KEY) ||
(cert->keyType == SPHINCS_SMALL_LEVEL3_KEY) ||
(cert->keyType == SPHINCS_SMALL_LEVEL5_KEY)) {
if (sphincsKey == NULL)
#if defined(WOLFSSL_HAVE_SLHDSA)
if ((cert->keyType == SLH_DSA_SHAKE_128F_KEY) ||
(cert->keyType == SLH_DSA_SHAKE_192F_KEY) ||
(cert->keyType == SLH_DSA_SHAKE_256F_KEY) ||
(cert->keyType == SLH_DSA_SHAKE_128S_KEY) ||
(cert->keyType == SLH_DSA_SHAKE_192S_KEY) ||
(cert->keyType == SLH_DSA_SHAKE_256S_KEY)
#ifdef WOLFSSL_SLHDSA_SHA2
|| (cert->keyType == SLH_DSA_SHA2_128F_KEY) ||
(cert->keyType == SLH_DSA_SHA2_192F_KEY) ||
(cert->keyType == SLH_DSA_SHA2_256F_KEY) ||
(cert->keyType == SLH_DSA_SHA2_128S_KEY) ||
(cert->keyType == SLH_DSA_SHA2_192S_KEY) ||
(cert->keyType == SLH_DSA_SHA2_256S_KEY)
#endif
) {
if (slhDsaKey == NULL)
return PUBLIC_KEY_E;
der->publicKeySz = wc_Sphincs_PublicKeyToDer(sphincsKey,
der->publicKeySz = wc_SlhDsaKey_PublicKeyToDer(slhDsaKey,
der->publicKey, (word32)sizeof(der->publicKey), 1);
}
#endif
@@ -7209,7 +7213,7 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
RsaKey* rsaKey, DsaKey* dsaKey, ecc_key* eccKey,
ed25519_key* ed25519Key, ed448_key* ed448Key,
falcon_key* falconKey, dilithium_key* dilithiumKey,
sphincs_key* sphincsKey)
SlhDsaKey* slhDsaKey)
{
int ret;
WC_DECLARE_VAR(der, DerCert, 1, 0);
@@ -7258,26 +7262,12 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
cert->keyType = ML_DSA_LEVEL5_KEY;
}
#endif /* HAVE_DILITHIUM */
#ifdef HAVE_SPHINCS
else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
&& (sphincsKey->optim == FAST_VARIANT))
cert->keyType = SPHINCS_FAST_LEVEL1_KEY;
else if ((sphincsKey != NULL) && (sphincsKey->level == 3)
&& (sphincsKey->optim == FAST_VARIANT))
cert->keyType = SPHINCS_FAST_LEVEL3_KEY;
else if ((sphincsKey != NULL) && (sphincsKey->level == 5)
&& (sphincsKey->optim == FAST_VARIANT))
cert->keyType = SPHINCS_FAST_LEVEL5_KEY;
else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
&& (sphincsKey->optim == SMALL_VARIANT))
cert->keyType = SPHINCS_SMALL_LEVEL1_KEY;
else if ((sphincsKey != NULL) && (sphincsKey->level == 3)
&& (sphincsKey->optim == SMALL_VARIANT))
cert->keyType = SPHINCS_SMALL_LEVEL3_KEY;
else if ((sphincsKey != NULL) && (sphincsKey->level == 5)
&& (sphincsKey->optim == SMALL_VARIANT))
cert->keyType = SPHINCS_SMALL_LEVEL5_KEY;
#endif /* HAVE_SPHINCS */
#ifdef WOLFSSL_HAVE_SLHDSA
else if ((slhDsaKey != NULL) && (slhDsaKey->params != NULL) &&
(SlhDsaParamToKeyType(slhDsaKey->params->param) != 0)) {
cert->keyType = SlhDsaParamToKeyType(slhDsaKey->params->param);
}
#endif /* WOLFSSL_HAVE_SLHDSA */
else
return BAD_FUNC_ARG;
@@ -7285,7 +7275,7 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
return MEMORY_E);
ret = EncodeCertReq(cert, der, rsaKey, dsaKey, eccKey, ed25519Key, ed448Key,
falconKey, dilithiumKey, sphincsKey);
falconKey, dilithiumKey, slhDsaKey);
if (ret == 0) {
if (der->total + MAX_SEQ_SZ * 2 > (int)derSz)
File diff suppressed because it is too large Load Diff
+454 -1
View File
@@ -30,6 +30,7 @@
#ifdef WOLFSSL_HAVE_SLHDSA
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/cpuid.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef NO_INLINE
@@ -8201,7 +8202,7 @@ int wc_SlhDsaKey_ImportPublic(SlhDsaKey* key, const byte* pub, word32 pubLen)
else {
/* Copy public key data into SLH-DSA key object. */
XMEMCPY(key->sk + 2 * key->params->n, pub, 2 * key->params->n);
key->flags = WC_SLHDSA_FLAG_PUBLIC;
key->flags |= WC_SLHDSA_FLAG_PUBLIC;
#ifdef WOLFSSL_SLHDSA_SHA2
if (SLHDSA_IS_SHA2(key->params->param)) {
ret = slhdsakey_precompute_sha2_midstates(key);
@@ -8564,5 +8565,457 @@ int wc_SlhDsaKey_SigSizeFromParam(enum SlhDsaParam param)
return ret;
}
/* Find SlhDsaParameters entry for a given param enum. */
static const SlhDsaParameters* slhdsa_find_params(enum SlhDsaParam param)
{
int i;
for (i = 0; i < SLHDSA_PARAM_LEN; i++) {
if (SlhDsaParams[i].param == param) {
return &SlhDsaParams[i];
}
}
return NULL;
}
#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
/* Decode a DER-encoded SLH-DSA private key (PKCS#8 / OneAsymmetricKey).
*
* RFC 9909 Section 6: The privateKey OCTET STRING contains the raw
* concatenation SK.seed || SK.prf || PK.seed || PK.root (4*n bytes)
* directly, without a nested OCTET STRING wrapper. This differs from
* Ed25519/Ed448 which wrap the key in an additional OCTET STRING.
*
* The parameter set is detected from the AlgorithmIdentifier OID.
* On success, key->params is updated to match the detected parameter set.
*
* @param [in] input DER-encoded key data.
* @param [in, out] inOutIdx Index into input, updated on return.
* @param [in, out] key SLH-DSA key. Parameter set is auto-detected.
* @param [in] inSz Size of input in bytes.
* @return 0 on success.
* @return BAD_FUNC_ARG when input, inOutIdx, or key is NULL.
* @return ASN_PARSE_E when the DER cannot be parsed as an SLH-DSA key.
*/
int wc_SlhDsaKey_PrivateKeyDecode(const byte* input, word32* inOutIdx,
SlhDsaKey* key, word32 inSz)
{
int ret = 0;
int length;
int version;
word32 oid = 0;
word32 seqEnd;
word32 savedIdx;
int privSz;
int paramId;
const SlhDsaParameters* params;
if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) {
return BAD_FUNC_ARG;
}
/* Snapshot the caller's index so failures restore it -- mirrors
* wc_SlhDsaKey_PublicKeyDecode and lets callers chain parsers or
* retry on the same buffer without recomputing the offset. */
savedIdx = *inOutIdx;
/* Parse PKCS#8 OneAsymmetricKey wrapper:
* SEQUENCE { version, AlgorithmIdentifier { OID }, OCTET STRING { key },
* [0] attributes OPTIONAL, [1] publicKey OPTIONAL }
*/
if (GetSequence(input, inOutIdx, &length, inSz) < 0) {
*inOutIdx = savedIdx;
return ASN_PARSE_E;
}
seqEnd = *inOutIdx + (word32)length;
if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) {
*inOutIdx = savedIdx;
return ASN_PARSE_E;
}
if (version != 0 && version != 1) {
*inOutIdx = savedIdx;
return ASN_PARSE_E;
}
if (GetAlgoId(input, inOutIdx, &oid, oidKeyType, inSz) < 0) {
*inOutIdx = savedIdx;
return ASN_PARSE_E;
}
/* Map the OID to an SLH-DSA parameter set. Pass through NOT_COMPILED_IN
* so callers can distinguish "variant present but not built in" from
* "malformed DER". */
paramId = wc_SlhDsaOidToParam((int)oid);
if (paramId == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
*inOutIdx = savedIdx;
return NOT_COMPILED_IN;
}
if (paramId < 0) {
*inOutIdx = savedIdx;
return ASN_PARSE_E;
}
params = slhdsa_find_params((enum SlhDsaParam)paramId);
if (params == NULL) {
*inOutIdx = savedIdx;
return ASN_PARSE_E;
}
/* RFC 9909: privateKey is a single OCTET STRING containing the raw key
* (4*n bytes). Unlike Ed25519/Ed448, there is no nested inner OCTET
* STRING wrapping. */
if (GetOctetString(input, inOutIdx, &privSz, inSz) < 0) {
*inOutIdx = savedIdx;
return ASN_PARSE_E;
}
if (privSz != params->n * 4) {
*inOutIdx = savedIdx;
return ASN_PARSE_E;
}
{
const SlhDsaParameters* oldParams = key->params;
byte oldFlags = key->flags;
/* Update the key's parameter set to the detected one. */
key->params = params;
/* Import the raw private key: SK.seed || SK.prf || PK.seed || PK.root */
ret = wc_SlhDsaKey_ImportPrivate(key, input + *inOutIdx,
(word32)privSz);
if (ret == 0) {
/* Validate trailing fields per RFC 5958 OneAsymmetricKey:
* [0] IMPLICIT Attributes OPTIONAL -- at most once
* [1] IMPLICIT PublicKey OPTIONAL -- at most once,
* must follow [0]
* Reject duplicates, out-of-order tags, and any other tag.
* The previous code accepted any number of either tag in any
* order. */
const byte tagAttrs = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0;
const byte tagPub = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1;
int seenAttrs = 0;
int seenPub = 0;
*inOutIdx += (word32)privSz;
while (ret == 0 && *inOutIdx < seqEnd) {
byte tlvTag;
int tlvLen;
if (GetASNTag(input, inOutIdx, &tlvTag, inSz) < 0) {
ret = ASN_PARSE_E;
break;
}
if (tlvTag == tagAttrs) {
/* attributes must precede publicKey and appear once */
if (seenAttrs || seenPub) {
ret = ASN_PARSE_E;
break;
}
seenAttrs = 1;
}
else if (tlvTag == tagPub) {
/* publicKey may appear at most once */
if (seenPub) {
ret = ASN_PARSE_E;
break;
}
seenPub = 1;
}
else {
ret = ASN_PARSE_E;
break;
}
if (GetLength(input, inOutIdx, &tlvLen, inSz) < 0) {
ret = ASN_PARSE_E;
break;
}
/* Length must stay within the outer SEQUENCE. */
if (*inOutIdx + (word32)tlvLen > seqEnd) {
ret = ASN_PARSE_E;
break;
}
*inOutIdx += (word32)tlvLen;
}
if (ret == 0 && *inOutIdx != seqEnd) {
ret = ASN_PARSE_E;
}
if (ret != 0) {
/* Trailing-field validation failed after ImportPrivate
* already populated key->sk. Scrub the imported material
* and roll back state so the caller sees the failure as
* if the import never happened. */
ForceZero(key->sk, (word32)(4 * params->n));
key->params = oldParams;
key->flags = oldFlags;
*inOutIdx = savedIdx;
}
}
else {
/* On failure, restore params/flags. ImportPrivate writes the
* full sk[0..4*n] (private + public material) before any
* SHA-2 precompute step, so a precompute failure can leave
* the entire sk dirty -- clear it. BAD_LENGTH_E is detected
* before any write, so no zeroing is needed in that case. */
if (ret != WC_NO_ERR_TRACE(BAD_LENGTH_E)) {
ForceZero(key->sk, (word32)(4 * params->n));
}
key->params = oldParams;
key->flags = oldFlags;
*inOutIdx = savedIdx;
}
}
return ret;
}
#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
/* Decode a DER-encoded SLH-DSA public key (SubjectPublicKeyInfo).
*
* The parameter set is detected from the AlgorithmIdentifier OID.
* On success, key->params is updated to match the detected parameter set.
*
* @param [in] input DER-encoded key data.
* @param [in, out] inOutIdx Index into input, updated on return.
* @param [in, out] key SLH-DSA key. Parameter set is auto-detected.
* @param [in] inSz Size of input in bytes.
* @return 0 on success.
* @return BAD_FUNC_ARG when input, inOutIdx, or key is NULL.
* @return ASN_PARSE_E when the DER cannot be parsed as an SLH-DSA key.
*/
int wc_SlhDsaKey_PublicKeyDecode(const byte* input, word32* inOutIdx,
SlhDsaKey* key, word32 inSz)
{
int ret;
int keytype = ANONk;
int paramId;
const SlhDsaParameters* params;
const SlhDsaParameters* oldParams;
const byte* pubKeyPtr = NULL;
word32 pubKeyLen = 0;
word32 savedIdx;
byte oldFlags;
if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) {
return BAD_FUNC_ARG;
}
savedIdx = *inOutIdx;
/* Fast path: if the caller initialised the key with a parameter set,
* treat the entire window from *inOutIdx to inSz as a candidate raw
* public key and let wc_SlhDsaKey_ImportPublic decide via its length
* check. The window must contain exactly 2*n bytes for the configured
* parameter set -- callers chaining decoders must pass inSz scoped to
* just the public-key buffer or the import will reject the length and
* fall through to SPKI parsing. Mirrors the raw-first fallback in
* wc_Dilithium_PublicKeyDecode and wc_Falcon_PublicKeyDecode so all PQ
* public-key decoders accept either raw bytes or SPKI.
*
* The length check in ImportPublic is the disambiguator: a real SPKI
* for any SLH-DSA variant carries ~19 bytes of AlgorithmIdentifier and
* BIT STRING overhead on top of the 2*n public bytes, so SPKI input
* never collides with the 2*n raw length and falls through cleanly. */
if (key->params != NULL && savedIdx < inSz) {
word32 windowSz = inSz - savedIdx;
int n = key->params->n;
oldFlags = key->flags;
ret = wc_SlhDsaKey_ImportPublic(key, input + savedIdx, windowSz);
if (ret == 0) {
*inOutIdx += windowSz;
return 0;
}
/* Fall through to SPKI parsing. BAD_LENGTH_E is detected before
* any write (typical SPKI input), so there is nothing to scrub.
* On SHA-2 precompute failure ImportPublic has written only the
* public half at sk[2*n .. 4*n] - leave the private half
* sk[0 .. 2*n] untouched in case the caller imported it earlier. */
if (ret != WC_NO_ERR_TRACE(BAD_LENGTH_E)) {
ForceZero(key->sk + 2 * n, (word32)(2 * n));
}
key->flags = oldFlags;
}
/* Use ANONk to auto-detect the OID from the SPKI AlgorithmIdentifier
* in a single parse. (PrivateKeyDecode parses each DER element
* manually because the PKCS#8 OneAsymmetricKey layout differs from
* SPKI and has no matching helper.) */
ret = DecodeAsymKeyPublic_Assign(input, inOutIdx, inSz, &pubKeyPtr,
&pubKeyLen, &keytype);
if (ret != 0) {
return ret;
}
/* Map the detected OID key type to an SLH-DSA parameter set. Pass
* through NOT_COMPILED_IN so callers see the specific reason
* (unsupported variant) rather than a generic parse error. */
paramId = wc_SlhDsaOidToParam(keytype);
if (paramId == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) {
*inOutIdx = savedIdx;
return NOT_COMPILED_IN;
}
if (paramId < 0) {
*inOutIdx = savedIdx;
return ASN_PARSE_E;
}
params = slhdsa_find_params((enum SlhDsaParam)paramId);
if (params == NULL) {
*inOutIdx = savedIdx;
return ASN_PARSE_E;
}
oldFlags = key->flags;
oldParams = key->params;
key->params = params;
ret = wc_SlhDsaKey_ImportPublic(key, pubKeyPtr, pubKeyLen);
if (ret != 0) {
/* Restore params/flags/inOutIdx. ImportPublic writes only the
* public half (sk[2*n .. 4*n]) and only after the length check
* passes; preserve any prior private bytes the caller may have
* imported into sk[0 .. 2*n]. */
if (ret != WC_NO_ERR_TRACE(BAD_LENGTH_E)) {
ForceZero(key->sk + 2 * params->n, (word32)(2 * params->n));
}
key->params = oldParams;
key->flags = oldFlags;
*inOutIdx = savedIdx;
}
return ret;
}
#ifdef WC_ENABLE_ASYM_KEY_EXPORT
/* Encode an SLH-DSA public key to DER.
*
* Pass NULL for output to get the size of the encoding.
*
* @param [in] key SLH-DSA key object.
* @param [out] output Buffer to put encoded data in.
* @param [in] inLen Size of buffer in bytes.
* @param [in] withAlg Whether to use SubjectPublicKeyInfo format.
* @return Size of encoded data in bytes on success.
* @return BAD_FUNC_ARG when key/key->params is NULL or param is unknown.
* @return NOT_COMPILED_IN when key->params names a known SLH-DSA variant
* whose parameter set isn't compiled in. In practice unreachable
* because SlhDsaParams[] is itself gated on the build, but the
* contract matches wc_SlhDsaOidToParam for forward compatibility.
*/
int wc_SlhDsaKey_PublicKeyToDer(SlhDsaKey* key, byte* output, word32 inLen,
int withAlg)
{
int ret;
byte pubKey[WC_SLHDSA_MAX_PUB_LEN];
word32 pubKeyLen = (word32)sizeof(pubKey);
int keytype;
if ((key == NULL) || (key->params == NULL)) {
return BAD_FUNC_ARG;
}
keytype = wc_SlhDsaParamToOid(key->params->param);
if (keytype < 0) {
return keytype;
}
ret = wc_SlhDsaKey_ExportPublic(key, pubKey, &pubKeyLen);
if (ret == 0) {
ret = SetAsymKeyDerPublic(pubKey, pubKeyLen, output, inLen, keytype,
withAlg);
}
return ret;
}
#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
/* Encode an SLH-DSA private key to DER (PKCS#8 / OneAsymmetricKey).
*
* RFC 9909: The privateKey OCTET STRING contains the raw 4*n bytes
* (SK.seed || SK.prf || PK.seed || PK.root) directly, without a nested
* OCTET STRING wrapper. This differs from Ed25519/Ed448 which use a
* double OCTET STRING wrapping.
*
* Pass NULL for output to get the required buffer size.
*
* @param [in] key SLH-DSA key object.
* @param [out] output Buffer to put encoded data in (or NULL for size).
* @param [in] inLen Size of buffer in bytes.
* @return Size of encoded data in bytes on success.
* @return BAD_FUNC_ARG when key/key->params is NULL or param is unknown.
* @return NOT_COMPILED_IN when key->params names a known SLH-DSA variant
* whose parameter set isn't compiled in (in practice unreachable;
* SlhDsaParams[] is itself gated on the build).
* @return MISSING_KEY when private key not set.
* @return BUFFER_E when output buffer is too small.
*/
int wc_SlhDsaKey_KeyToDer(SlhDsaKey* key, byte* output, word32 inLen)
{
int keytype;
int n;
word32 privSz, algoSz, verSz, seqSz, sz;
if ((key == NULL) || (key->params == NULL)) {
return BAD_FUNC_ARG;
}
if ((key->flags & WC_SLHDSA_FLAG_PRIVATE) == 0) {
return MISSING_KEY;
}
keytype = wc_SlhDsaParamToOid(key->params->param);
if (keytype < 0) {
return keytype;
}
n = key->params->n;
/* RFC 9909: bare OCTET STRING containing 4*n raw key bytes */
privSz = SetOctetString((word32)(n * 4), NULL) + (word32)(n * 4);
algoSz = SetAlgoID(keytype, NULL, oidKeyType, 0);
verSz = 3; /* ASN_INTEGER(1) + length(1) + version_byte(1) */
seqSz = SetSequence(verSz + algoSz + privSz, NULL);
sz = seqSz + verSz + algoSz + privSz;
if (output == NULL) {
return (int)sz;
}
if (sz > inLen) {
return BUFFER_E;
}
{
word32 idx = 0;
int actualVerSz;
idx += SetSequence(verSz + algoSz + privSz, output + idx);
actualVerSz = SetMyVersion(0, output + idx, FALSE);
if (actualVerSz != (int)verSz) {
return BUFFER_E;
}
idx += (word32)actualVerSz;
idx += SetAlgoID(keytype, output + idx, oidKeyType, 0);
idx += SetOctetString((word32)(n * 4), output + idx);
XMEMCPY(output + idx, key->sk, (word32)(n * 4));
idx += (word32)(n * 4);
return (int)idx;
}
}
/* Encode an SLH-DSA private key to DER (PKCS#8 / OneAsymmetricKey).
*
* For SLH-DSA, RFC 9909 packs SK.seed || SK.prf || PK.seed || PK.root into
* a single OCTET STRING, so there is no separate "private-only" encoding.
* This function is intentionally an alias of wc_SlhDsaKey_KeyToDer, kept
* for API parity with Ed25519/Ed448 which do have a distinct private form.
*
* @param [in] key SLH-DSA key object.
* @param [out] output Buffer to put encoded data in (or NULL for size).
* @param [in] inLen Size of buffer in bytes.
* @return Size of encoded data in bytes on success.
* @return BAD_FUNC_ARG when key is NULL.
* @return MISSING_KEY when private key not set.
* @return BUFFER_E when output buffer is too small.
*/
int wc_SlhDsaKey_PrivateKeyToDer(SlhDsaKey* key, byte* output, word32 inLen)
{
return wc_SlhDsaKey_KeyToDer(key, output, inLen);
}
#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
#endif /* WC_ENABLE_ASYM_KEY_EXPORT */
#endif /* WOLFSSL_HAVE_SLHDSA */
+27 -5
View File
@@ -54195,6 +54195,28 @@ out:
}
#endif
/* True iff slhdsa_test() actually emits at least one `goto out;` /
* ERROR_OUT(..., out). The SHAKE128S block has a couple of ERROR_OUTs
* gated only on PARAM_128S; everything else (other SHAKE variants, all
* SHA-2 KATs, slhdsa_test_param dispatch) lives inside `#ifndef
* WOLFSSL_SLHDSA_VERIFY_ONLY`. So the label is needed when 128S is
* built, OR when any other variant is built without VERIFY_ONLY. */
#if defined(WOLFSSL_SLHDSA_PARAM_128S) || \
(!defined(WOLFSSL_SLHDSA_VERIFY_ONLY) && \
(defined(WOLFSSL_SLHDSA_PARAM_128F) || \
defined(WOLFSSL_SLHDSA_PARAM_192S) || \
defined(WOLFSSL_SLHDSA_PARAM_192F) || \
defined(WOLFSSL_SLHDSA_PARAM_256S) || \
defined(WOLFSSL_SLHDSA_PARAM_256F) || \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_128S) || \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_128F) || \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_192S) || \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_192F) || \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_256S) || \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_256F)))
#define SLHDSA_TEST_HAVE_ANY_PARAM
#endif
wc_test_ret_t slhdsa_test(void)
{
int ret = 0;
@@ -56006,11 +56028,8 @@ wc_test_ret_t slhdsa_test(void)
#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
#if defined(WOLFSSL_SLHDSA_VERIFY_ONLY) || \
defined(WOLFSSL_SLHDSA_PARAM_128S)
#ifdef SLHDSA_TEST_HAVE_ANY_PARAM
out:
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_128S
@@ -56021,7 +56040,9 @@ out:
wc_SlhDsaKey_Free(key_vfy);
}
WC_FREE_VAR_EX(key_vfy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
/* key, sig, sk, pk are declared inside #ifdef WOLFSSL_SLHDSA_PARAM_128S
* (alongside the SHAKE-128s test data) so they only exist when 128S is
* built. Their cleanup must match. */
#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
if (key)
@@ -56034,6 +56055,7 @@ out:
WC_FREE_VAR_EX(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR_EX(pk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif /* WOLFSSL_SLHDSA_PARAM_128S */
return ret;
}
+1 -1
View File
@@ -459,7 +459,6 @@
<ClCompile Include="wolfcrypt\src\sha3.c" />
<ClCompile Include="wolfcrypt\src\sha512.c" />
<ClCompile Include="wolfcrypt\src\signature.c" />
<ClCompile Include="wolfcrypt\src\sphincs.c" />
<ClCompile Include="wolfcrypt\src\sp_c32.c" />
<ClCompile Include="wolfcrypt\src\sp_c64.c" />
<ClCompile Include="wolfcrypt\src\sp_int.c" />
@@ -469,6 +468,7 @@
<ClCompile Include="wolfcrypt\src\wc_encrypt.c" />
<ClCompile Include="wolfcrypt\src\wc_pkcs11.c" />
<ClCompile Include="wolfcrypt\src\wc_port.c" />
<ClCompile Include="wolfcrypt\src\wc_slhdsa.c" />
<ClCompile Include="wolfcrypt\src\wolfmath.c" />
<ClCompile Include="wolfcrypt\src\wolfevent.c" />
<ClCompile Include="wolfcrypt\src\port\liboqs\liboqs.c" />
+4 -4
View File
@@ -371,10 +371,6 @@
RelativePath=".\wolfcrypt\src\sha512.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\sphincs.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\sp_c32.c"
>
@@ -415,6 +411,10 @@
RelativePath=".\wolfcrypt\src\wc_port.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\wc_slhdsa.c"
>
</File>
<File
RelativePath=".\wolfcrypt\src\wolfmath.c"
>
+1 -1
View File
@@ -459,7 +459,6 @@
<ClCompile Include="wolfcrypt\src\sha3.c" />
<ClCompile Include="wolfcrypt\src\sha512.c" />
<ClCompile Include="wolfcrypt\src\signature.c" />
<ClCompile Include="wolfcrypt\src\sphincs.c" />
<ClCompile Include="wolfcrypt\src\sp_c32.c" />
<ClCompile Include="wolfcrypt\src\sp_c64.c" />
<ClCompile Include="wolfcrypt\src\sp_int.c" />
@@ -469,6 +468,7 @@
<ClCompile Include="wolfcrypt\src\wc_encrypt.c" />
<ClCompile Include="wolfcrypt\src\wc_pkcs11.c" />
<ClCompile Include="wolfcrypt\src\wc_port.c" />
<ClCompile Include="wolfcrypt\src\wc_slhdsa.c" />
<ClCompile Include="wolfcrypt\src\wolfmath.c" />
<ClCompile Include="wolfcrypt\src\wolfevent.c" />
<ClCompile Include="wolfcrypt\src\port\liboqs\liboqs.c" />
-142
View File
@@ -5911,148 +5911,6 @@ static const unsigned char bench_dilithium_level5_pubkey[] = {
#endif /* HAVE_DILITHIUM */
#if defined(HAVE_SPHINCS)
/* certs/sphincs/bench_sphincs_fast_level1_key.der */
static const unsigned char bench_sphincs_fast_level1_key[] =
{
0x30, 0x71, 0x02, 0x01, 0x00, 0x30, 0x08, 0x06, 0x06, 0x2B,
0xCE, 0x0F, 0x06, 0x07, 0x0D, 0x04, 0x62, 0x04, 0x60, 0xD8,
0xC4, 0x6E, 0x8D, 0x3B, 0xB7, 0xE7, 0x48, 0x8D, 0x6F, 0x0C,
0x3D, 0xDF, 0xAB, 0x79, 0xB6, 0x62, 0xAE, 0x89, 0x19, 0x6F,
0x5E, 0xF9, 0xD3, 0x3A, 0x69, 0xBA, 0xFF, 0x4C, 0x46, 0xDE,
0xAA, 0x7C, 0x40, 0x79, 0x8C, 0xE1, 0xE5, 0x30, 0xE6, 0xDF,
0x4E, 0x23, 0x5E, 0x14, 0xDB, 0x0A, 0x48, 0x4E, 0xF6, 0x57,
0xCE, 0x45, 0x8F, 0x8B, 0x1D, 0x68, 0x63, 0xAA, 0x24, 0xA4,
0xE1, 0x0D, 0xFB, 0x7C, 0x40, 0x79, 0x8C, 0xE1, 0xE5, 0x30,
0xE6, 0xDF, 0x4E, 0x23, 0x5E, 0x14, 0xDB, 0x0A, 0x48, 0x4E,
0xF6, 0x57, 0xCE, 0x45, 0x8F, 0x8B, 0x1D, 0x68, 0x63, 0xAA,
0x24, 0xA4, 0xE1, 0x0D, 0xFB
};
#define sizeof_bench_sphincs_fast_level1_key (sizeof(bench_sphincs_fast_level1_key))
/* certs/sphincs/bench_sphincs_fast_level3_key.der */
static const unsigned char bench_sphincs_fast_level3_key[] =
{
0x30, 0x81, 0xA3, 0x02, 0x01, 0x00, 0x30, 0x08, 0x06, 0x06,
0x2B, 0xCE, 0x0F, 0x06, 0x08, 0x0A, 0x04, 0x81, 0x93, 0x04,
0x81, 0x90, 0xB2, 0x3A, 0x67, 0xA6, 0x4B, 0x8E, 0xB9, 0xEF,
0xAD, 0x99, 0xE4, 0x3D, 0x65, 0xE8, 0xEE, 0xCF, 0xAC, 0xCF,
0x2F, 0xDE, 0xBC, 0x11, 0x67, 0x8D, 0x8F, 0x8D, 0x3E, 0x99,
0x31, 0x67, 0xED, 0x31, 0x6A, 0x05, 0x47, 0xC1, 0xDA, 0xC5,
0x14, 0x17, 0xA1, 0x93, 0x83, 0x44, 0x58, 0x09, 0x80, 0x3A,
0x47, 0x67, 0x42, 0x6D, 0x4C, 0xB7, 0xC8, 0x7D, 0x37, 0xF3,
0x90, 0xF7, 0x46, 0x92, 0xB6, 0x26, 0xF7, 0x4E, 0x0D, 0x8D,
0xB8, 0xCA, 0x8B, 0xA8, 0x20, 0x5D, 0x67, 0x85, 0xD2, 0x83,
0x2C, 0x2A, 0x38, 0x1F, 0x57, 0x89, 0x76, 0x8C, 0x6D, 0x88,
0xCE, 0x18, 0x4F, 0xA7, 0x88, 0x48, 0x7C, 0x0D, 0x47, 0x67,
0x42, 0x6D, 0x4C, 0xB7, 0xC8, 0x7D, 0x37, 0xF3, 0x90, 0xF7,
0x46, 0x92, 0xB6, 0x26, 0xF7, 0x4E, 0x0D, 0x8D, 0xB8, 0xCA,
0x8B, 0xA8, 0x20, 0x5D, 0x67, 0x85, 0xD2, 0x83, 0x2C, 0x2A,
0x38, 0x1F, 0x57, 0x89, 0x76, 0x8C, 0x6D, 0x88, 0xCE, 0x18,
0x4F, 0xA7, 0x88, 0x48, 0x7C, 0x0D
};
#define sizeof_bench_sphincs_fast_level3_key (sizeof(bench_sphincs_fast_level3_key))
/* certs/sphincs/bench_sphincs_fast_level5_key.der */
static const unsigned char bench_sphincs_fast_level5_key[] =
{
0x30, 0x81, 0xD3, 0x02, 0x01, 0x00, 0x30, 0x08, 0x06, 0x06,
0x2B, 0xCE, 0x0F, 0x06, 0x09, 0x0A, 0x04, 0x81, 0xC3, 0x04,
0x81, 0xC0, 0xAB, 0xD3, 0xFD, 0x3B, 0x17, 0x00, 0xCD, 0xD5,
0xB2, 0xEE, 0xD2, 0x36, 0xE5, 0xF7, 0x1D, 0xDC, 0xC8, 0x42,
0xDB, 0x53, 0x6A, 0x8A, 0x0D, 0x6D, 0xD2, 0x3C, 0x1C, 0x7C,
0x98, 0x4D, 0x73, 0xC8, 0xAB, 0x2E, 0xAA, 0x7A, 0xC0, 0x26,
0xC4, 0x0D, 0x7E, 0xB4, 0xD3, 0xBB, 0x13, 0xF4, 0x6E, 0xFE,
0x0E, 0xA5, 0xA4, 0x58, 0x57, 0xA2, 0xDD, 0x99, 0x62, 0xB9,
0xBA, 0xC2, 0x5B, 0x26, 0xED, 0x6E, 0x99, 0xFA, 0x11, 0x0E,
0xCF, 0x33, 0x54, 0x85, 0x56, 0x0C, 0xEB, 0x2A, 0xB0, 0xAA,
0xEB, 0x74, 0x14, 0x89, 0x1A, 0xB9, 0x38, 0xF5, 0x29, 0x66,
0x28, 0x28, 0x17, 0xF5, 0x72, 0x42, 0xEE, 0xC0, 0x14, 0x59,
0xA0, 0x72, 0x9B, 0x9B, 0x1E, 0x7F, 0x70, 0x70, 0xBB, 0x89,
0x0C, 0x7E, 0x87, 0x8B, 0x83, 0x80, 0x2B, 0x66, 0x58, 0x64,
0x1D, 0x94, 0xAF, 0x58, 0xB5, 0x23, 0x2C, 0xA1, 0xE9, 0x95,
0x99, 0xFA, 0x11, 0x0E, 0xCF, 0x33, 0x54, 0x85, 0x56, 0x0C,
0xEB, 0x2A, 0xB0, 0xAA, 0xEB, 0x74, 0x14, 0x89, 0x1A, 0xB9,
0x38, 0xF5, 0x29, 0x66, 0x28, 0x28, 0x17, 0xF5, 0x72, 0x42,
0xEE, 0xC0, 0x14, 0x59, 0xA0, 0x72, 0x9B, 0x9B, 0x1E, 0x7F,
0x70, 0x70, 0xBB, 0x89, 0x0C, 0x7E, 0x87, 0x8B, 0x83, 0x80,
0x2B, 0x66, 0x58, 0x64, 0x1D, 0x94, 0xAF, 0x58, 0xB5, 0x23,
0x2C, 0xA1, 0xE9, 0x95
};
#define sizeof_bench_sphincs_fast_level5_key (sizeof(bench_sphincs_fast_level5_key))
/* certs/sphincs/bench_sphincs_small_level1_key.der */
static const unsigned char bench_sphincs_small_level1_key[] =
{
0x30, 0x71, 0x02, 0x01, 0x00, 0x30, 0x08, 0x06, 0x06, 0x2B,
0xCE, 0x0F, 0x06, 0x07, 0x10, 0x04, 0x62, 0x04, 0x60, 0xFF,
0x26, 0x56, 0x65, 0xAC, 0x6C, 0x0B, 0x72, 0x2D, 0x8D, 0xB8,
0x29, 0x4A, 0x15, 0x7E, 0xEF, 0x55, 0xFD, 0xBE, 0xF4, 0xC0,
0xE6, 0x6F, 0x2B, 0x7A, 0x97, 0x60, 0x51, 0x1C, 0xCB, 0x82,
0x43, 0x44, 0xDE, 0x14, 0x3D, 0x4F, 0xE7, 0x3C, 0x1C, 0xB3,
0xBB, 0x9F, 0xE8, 0x9F, 0x8F, 0xA4, 0xAD, 0xB9, 0x52, 0xC1,
0x31, 0xF7, 0xC1, 0x86, 0x7E, 0x73, 0xFB, 0x9E, 0x72, 0x57,
0x8A, 0xD7, 0x44, 0x44, 0xDE, 0x14, 0x3D, 0x4F, 0xE7, 0x3C,
0x1C, 0xB3, 0xBB, 0x9F, 0xE8, 0x9F, 0x8F, 0xA4, 0xAD, 0xB9,
0x52, 0xC1, 0x31, 0xF7, 0xC1, 0x86, 0x7E, 0x73, 0xFB, 0x9E,
0x72, 0x57, 0x8A, 0xD7, 0x44
};
#define sizeof_bench_sphincs_small_level1_key (sizeof(bench_sphincs_small_level1_key))
/* certs/sphincs/bench_sphincs_small_level3_key.der */
static const unsigned char bench_sphincs_small_level3_key[] =
{
0x30, 0x81, 0xA3, 0x02, 0x01, 0x00, 0x30, 0x08, 0x06, 0x06,
0x2B, 0xCE, 0x0F, 0x06, 0x08, 0x0C, 0x04, 0x81, 0x93, 0x04,
0x81, 0x90, 0x59, 0xC1, 0x44, 0x8A, 0x5F, 0xF3, 0xF1, 0xB3,
0xB8, 0xFF, 0x98, 0x7F, 0x86, 0x4A, 0x4C, 0x19, 0xFC, 0x51,
0xB8, 0x12, 0x87, 0x9C, 0x52, 0xD6, 0x7F, 0xD6, 0xB0, 0xA9,
0xF7, 0xED, 0x44, 0x26, 0xAF, 0xC2, 0xCE, 0x47, 0xD9, 0xE3,
0x95, 0x1A, 0xE6, 0x11, 0xC1, 0x37, 0x67, 0xA5, 0x89, 0xDD,
0x37, 0x6A, 0xE9, 0xC3, 0x8C, 0x9B, 0x3E, 0xBA, 0xB1, 0x76,
0x4A, 0x5A, 0xEE, 0xCD, 0x96, 0x66, 0xF2, 0x53, 0xDA, 0x8C,
0x89, 0x69, 0xBF, 0xBF, 0xF9, 0xA5, 0xBC, 0x7D, 0x80, 0xA8,
0x97, 0x63, 0x90, 0x55, 0x58, 0x6C, 0x0A, 0x52, 0x61, 0x0B,
0xF3, 0xBC, 0xE1, 0x1F, 0xB4, 0xA6, 0x5F, 0x9F, 0x37, 0x6A,
0xE9, 0xC3, 0x8C, 0x9B, 0x3E, 0xBA, 0xB1, 0x76, 0x4A, 0x5A,
0xEE, 0xCD, 0x96, 0x66, 0xF2, 0x53, 0xDA, 0x8C, 0x89, 0x69,
0xBF, 0xBF, 0xF9, 0xA5, 0xBC, 0x7D, 0x80, 0xA8, 0x97, 0x63,
0x90, 0x55, 0x58, 0x6C, 0x0A, 0x52, 0x61, 0x0B, 0xF3, 0xBC,
0xE1, 0x1F, 0xB4, 0xA6, 0x5F, 0x9F
};
#define sizeof_bench_sphincs_small_level3_key (sizeof(bench_sphincs_small_level3_key))
/* certs/sphincs/bench_sphincs_small_level5_key.der */
static const unsigned char bench_sphincs_small_level5_key[] =
{
0x30, 0x81, 0xD3, 0x02, 0x01, 0x00, 0x30, 0x08, 0x06, 0x06,
0x2B, 0xCE, 0x0F, 0x06, 0x09, 0x0C, 0x04, 0x81, 0xC3, 0x04,
0x81, 0xC0, 0x53, 0xE5, 0x25, 0x41, 0x1C, 0xCB, 0x8F, 0xAF,
0x83, 0xBE, 0x64, 0x43, 0x70, 0x4E, 0x1D, 0x86, 0xF8, 0xFA,
0xEA, 0x65, 0x9B, 0x45, 0xBC, 0xF1, 0x79, 0x57, 0x87, 0x51,
0x2F, 0x6D, 0x50, 0xB8, 0x0D, 0x9A, 0x9F, 0x8C, 0xE8, 0x9B,
0xE8, 0xFA, 0x1E, 0xF0, 0xA1, 0x98, 0xCA, 0x8B, 0x34, 0xD4,
0x71, 0x53, 0xF0, 0xA7, 0x1D, 0xD6, 0x0D, 0xDF, 0x63, 0x61,
0xA7, 0x12, 0x80, 0x64, 0xF7, 0x73, 0x14, 0x03, 0xD4, 0x54,
0x01, 0x9D, 0x9D, 0x5D, 0x42, 0xC1, 0x2B, 0x91, 0xC3, 0xA2,
0xD3, 0x12, 0x67, 0x35, 0x3B, 0xD7, 0x67, 0x31, 0xD5, 0xDC,
0xDF, 0x4C, 0x4C, 0xAA, 0x45, 0xA8, 0x5D, 0x1E, 0xFB, 0x9E,
0x34, 0x5D, 0x4B, 0x83, 0x77, 0xBF, 0x52, 0x8A, 0xDB, 0x67,
0x7A, 0x52, 0xA4, 0x02, 0x29, 0xEB, 0x34, 0x9A, 0x4E, 0x86,
0x25, 0x66, 0xFF, 0xA0, 0x79, 0x47, 0xBE, 0x94, 0xC2, 0x69,
0x14, 0x03, 0xD4, 0x54, 0x01, 0x9D, 0x9D, 0x5D, 0x42, 0xC1,
0x2B, 0x91, 0xC3, 0xA2, 0xD3, 0x12, 0x67, 0x35, 0x3B, 0xD7,
0x67, 0x31, 0xD5, 0xDC, 0xDF, 0x4C, 0x4C, 0xAA, 0x45, 0xA8,
0x5D, 0x1E, 0xFB, 0x9E, 0x34, 0x5D, 0x4B, 0x83, 0x77, 0xBF,
0x52, 0x8A, 0xDB, 0x67, 0x7A, 0x52, 0xA4, 0x02, 0x29, 0xEB,
0x34, 0x9A, 0x4E, 0x86, 0x25, 0x66, 0xFF, 0xA0, 0x79, 0x47,
0xBE, 0x94, 0xC2, 0x69
};
#define sizeof_bench_sphincs_small_level5_key (sizeof(bench_sphincs_small_level5_key))
#endif /* HAVE_SPHINCS */
#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
/* ./certs/ecc-client-key.der, ECC */
+32 -15
View File
@@ -67,8 +67,8 @@ that can be serialized and deserialized in a cross-platform way.
#ifdef HAVE_ED448
#include <wolfssl/wolfcrypt/ed448.h>
#endif
#ifdef HAVE_SPHINCS
#include <wolfssl/wolfcrypt/sphincs.h>
#ifdef WOLFSSL_HAVE_SLHDSA
#include <wolfssl/wolfcrypt/wc_slhdsa.h>
#endif
#ifdef HAVE_FALCON
#include <wolfssl/wolfcrypt/falcon.h>
@@ -1542,7 +1542,7 @@ struct SignatureCtx {
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
!defined(NO_DSA) || defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || \
defined(HAVE_SPHINCS)
defined(WOLFSSL_HAVE_SLHDSA)
int verify;
#endif
union {
@@ -1595,11 +1595,11 @@ struct SignatureCtx {
struct dilithium_key* dilithium;
#endif
#endif
#ifdef HAVE_SPHINCS
#ifdef WOLFSSL_HAVE_SLHDSA
#ifdef WOLFSSL_NO_MALLOC
struct sphincs_key sphincs[1];
SlhDsaKey slhdsa[1];
#else
struct sphincs_key* sphincs;
SlhDsaKey* slhdsa;
#endif
#endif
#ifndef WOLFSSL_NO_MALLOC
@@ -1856,13 +1856,14 @@ struct DecodedCert {
#endif /* WOLFSSL_SUBJ_INFO_ACC */
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || defined(HAVE_SPHINCS)
defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || \
defined(WOLFSSL_HAVE_SLHDSA)
word32 pkCurveOID; /* Public Key's curve OID */
#ifdef WOLFSSL_CUSTOM_CURVES
int pkCurveSize; /* Public Key's curve size */
#endif
#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 || HAVE_DILITHIUM ||
* HAVE_FALCON || HAVE_SPHINCS */
* HAVE_FALCON || WOLFSSL_HAVE_SLHDSA */
const byte* beforeDate;
int beforeDateLen;
const byte* afterDate;
@@ -2690,12 +2691,18 @@ enum cert_enums {
ML_DSA_LEVEL2_KEY = 21,
ML_DSA_LEVEL3_KEY = 22,
ML_DSA_LEVEL5_KEY = 23,
SPHINCS_FAST_LEVEL1_KEY = 24,
SPHINCS_FAST_LEVEL3_KEY = 25,
SPHINCS_FAST_LEVEL5_KEY = 26,
SPHINCS_SMALL_LEVEL1_KEY = 27,
SPHINCS_SMALL_LEVEL3_KEY = 28,
SPHINCS_SMALL_LEVEL5_KEY = 29
SLH_DSA_SHA2_128S_KEY = 24,
SLH_DSA_SHA2_128F_KEY = 25,
SLH_DSA_SHA2_192S_KEY = 26,
SLH_DSA_SHA2_192F_KEY = 27,
SLH_DSA_SHA2_256S_KEY = 28,
SLH_DSA_SHA2_256F_KEY = 29,
SLH_DSA_SHAKE_128S_KEY = 30,
SLH_DSA_SHAKE_128F_KEY = 31,
SLH_DSA_SHAKE_192S_KEY = 32,
SLH_DSA_SHAKE_192F_KEY = 33,
SLH_DSA_SHAKE_256S_KEY = 34,
SLH_DSA_SHAKE_256F_KEY = 35
};
#endif /* WOLFSSL_CERT_GEN */
@@ -3133,7 +3140,7 @@ WOLFSSL_TEST_VIS int wolfssl_local_MatchIpSubnet(const byte* ip, int ipSz,
|| (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) \
|| (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) \
|| (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \
|| defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS))
|| defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(WOLFSSL_HAVE_SLHDSA))
WOLFSSL_LOCAL int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx,
word32 inSz, const byte** seed, word32* seedLen, const byte** privKey,
word32* privKeyLen, const byte** pubKey, word32* pubKeyLen,
@@ -3150,6 +3157,16 @@ WOLFSSL_TEST_VIS int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
int keyType);
#endif
#ifdef WOLFSSL_HAVE_SLHDSA
/* SLH-DSA OID mapping helpers shared with x509.c, ssl.c, wc_slhdsa.c, etc.
* All four are backed by a single static map in asn.c so the per-variant
* gating (WOLFSSL_SLHDSA_PARAM_NO_*) lives in one place. */
WOLFSSL_LOCAL int wc_SlhDsaOidToParam(int oid);
WOLFSSL_LOCAL int wc_SlhDsaOidToCertType(int oid);
WOLFSSL_LOCAL int wc_IsSlhDsaOid(int oid);
WOLFSSL_LOCAL int wc_SlhDsaParamToOid(enum SlhDsaParam param);
#endif
#endif /* !NO_ASN */
#if !defined(NO_ASN) || !defined(NO_PWDBASED)
+15 -9
View File
@@ -81,9 +81,9 @@ This library defines the interface APIs for X509 certificates.
typedef struct dilithium_key dilithium_key;
#define WC_DILITHIUMKEY_TYPE_DEFINED
#endif
#ifndef WC_SPHINCSKEY_TYPE_DEFINED
typedef struct sphincs_key sphincs_key;
#define WC_SPHINCSKEY_TYPE_DEFINED
#ifndef WC_SLHDSAKEY_TYPE_DEFINED
typedef struct SlhDsaKey SlhDsaKey;
#define WC_SLHDSAKEY_TYPE_DEFINED
#endif
enum EncPkcs8Types {
@@ -143,12 +143,18 @@ enum CertType {
ML_DSA_LEVEL2_TYPE,
ML_DSA_LEVEL3_TYPE,
ML_DSA_LEVEL5_TYPE,
SPHINCS_FAST_LEVEL1_TYPE,
SPHINCS_FAST_LEVEL3_TYPE,
SPHINCS_FAST_LEVEL5_TYPE,
SPHINCS_SMALL_LEVEL1_TYPE,
SPHINCS_SMALL_LEVEL3_TYPE,
SPHINCS_SMALL_LEVEL5_TYPE,
SLH_DSA_SHA2_128S_TYPE,
SLH_DSA_SHA2_128F_TYPE,
SLH_DSA_SHA2_192S_TYPE,
SLH_DSA_SHA2_192F_TYPE,
SLH_DSA_SHA2_256S_TYPE,
SLH_DSA_SHA2_256F_TYPE,
SLH_DSA_SHAKE_128S_TYPE,
SLH_DSA_SHAKE_128F_TYPE,
SLH_DSA_SHAKE_192S_TYPE,
SLH_DSA_SHAKE_192F_TYPE,
SLH_DSA_SHAKE_256S_TYPE,
SLH_DSA_SHAKE_256F_TYPE,
ECC_PARAM_TYPE,
CHAIN_CERT_TYPE,
PKCS7_TYPE,
-1
View File
@@ -25,7 +25,6 @@ nobase_include_HEADERS+= \
wolfssl/wolfcrypt/ed448.h \
wolfssl/wolfcrypt/falcon.h \
wolfssl/wolfcrypt/dilithium.h \
wolfssl/wolfcrypt/sphincs.h \
wolfssl/wolfcrypt/fe_448.h \
wolfssl/wolfcrypt/ge_448.h \
wolfssl/wolfcrypt/eccsi.h \
+96 -48
View File
@@ -196,18 +196,30 @@ enum Key_Sum {
ML_DSA_LEVEL3k = 432, /* 2.16.840.1.101.3.4.3.18 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x13 */
ML_DSA_LEVEL5k = 433, /* 2.16.840.1.101.3.4.3.19 */
/* 0x2b,0xce,0x0f,0x06,0x07,0x04 */
SPHINCS_FAST_LEVEL1k = 281, /* 1.3.9999.6.7.4 */
/* 0x2b,0xce,0x0f,0x06,0x08,0x03 */
SPHINCS_FAST_LEVEL3k = 283, /* 1.3.9999.6.8.3 */
/* 0x2b,0xce,0x0f,0x06,0x09,0x03 */
SPHINCS_FAST_LEVEL5k = 282, /* 1.3.9999.6.9.3 */
/* 0x2b,0xce,0x0f,0x06,0x07,0x0a */
SPHINCS_SMALL_LEVEL1k = 287, /* 1.3.9999.6.7.10 */
/* 0x2b,0xce,0x0f,0x06,0x08,0x07 */
SPHINCS_SMALL_LEVEL3k = 285, /* 1.3.9999.6.8.7 */
/* 0x2b,0xce,0x0f,0x06,0x09,0x07 */
SPHINCS_SMALL_LEVEL5k = 286 /* 1.3.9999.6.9.7 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x14 */
SLH_DSA_SHA2_128Sk = 434, /* 2.16.840.1.101.3.4.3.20 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x15 */
SLH_DSA_SHA2_128Fk = 435, /* 2.16.840.1.101.3.4.3.21 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x16 */
SLH_DSA_SHA2_192Sk = 436, /* 2.16.840.1.101.3.4.3.22 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x17 */
SLH_DSA_SHA2_192Fk = 437, /* 2.16.840.1.101.3.4.3.23 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x18 */
SLH_DSA_SHA2_256Sk = 438, /* 2.16.840.1.101.3.4.3.24 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x19 */
SLH_DSA_SHA2_256Fk = 439, /* 2.16.840.1.101.3.4.3.25 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1a */
SLH_DSA_SHAKE_128Sk = 440, /* 2.16.840.1.101.3.4.3.26 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1b */
SLH_DSA_SHAKE_128Fk = 441, /* 2.16.840.1.101.3.4.3.27 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1c */
SLH_DSA_SHAKE_192Sk = 442, /* 2.16.840.1.101.3.4.3.28 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1d */
SLH_DSA_SHAKE_192Fk = 443, /* 2.16.840.1.101.3.4.3.29 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1e */
SLH_DSA_SHAKE_256Sk = 444, /* 2.16.840.1.101.3.4.3.30 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1f */
SLH_DSA_SHAKE_256Fk = 445 /* 2.16.840.1.101.3.4.3.31 */
#else
/* 0x00 */
ANONk = 0x7fffffff, /* 0.0 */
@@ -249,18 +261,30 @@ enum Key_Sum {
ML_DSA_LEVEL3k = 0x7db37ae8, /* 2.16.840.1.101.3.4.3.18 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x13 */
ML_DSA_LEVEL5k = 0x7db37ae9, /* 2.16.840.1.101.3.4.3.19 */
/* 0x2b,0xce,0x0f,0x06,0x07,0x04 */
SPHINCS_FAST_LEVEL1k = 0x06f0ca2c, /* 1.3.9999.6.7.4 */
/* 0x2b,0xce,0x0f,0x06,0x08,0x03 */
SPHINCS_FAST_LEVEL3k = 0x06f0cd23, /* 1.3.9999.6.8.3 */
/* 0x2b,0xce,0x0f,0x06,0x09,0x03 */
SPHINCS_FAST_LEVEL5k = 0x06f0cd22, /* 1.3.9999.6.9.3 */
/* 0x2b,0xce,0x0f,0x06,0x07,0x0a */
SPHINCS_SMALL_LEVEL1k = 0x06f0c42c, /* 1.3.9999.6.7.10 */
/* 0x2b,0xce,0x0f,0x06,0x08,0x07 */
SPHINCS_SMALL_LEVEL3k = 0x06f0c923, /* 1.3.9999.6.8.7 */
/* 0x2b,0xce,0x0f,0x06,0x09,0x07 */
SPHINCS_SMALL_LEVEL5k = 0x06f0c922 /* 1.3.9999.6.9.7 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x14 */
SLH_DSA_SHA2_128Sk = 0x7db37aee, /* 2.16.840.1.101.3.4.3.20 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x15 */
SLH_DSA_SHA2_128Fk = 0x7db37aef, /* 2.16.840.1.101.3.4.3.21 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x16 */
SLH_DSA_SHA2_192Sk = 0x7db37aec, /* 2.16.840.1.101.3.4.3.22 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x17 */
SLH_DSA_SHA2_192Fk = 0x7db37aed, /* 2.16.840.1.101.3.4.3.23 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x18 */
SLH_DSA_SHA2_256Sk = 0x7db37ae2, /* 2.16.840.1.101.3.4.3.24 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x19 */
SLH_DSA_SHA2_256Fk = 0x7db37ae3, /* 2.16.840.1.101.3.4.3.25 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1a */
SLH_DSA_SHAKE_128Sk = 0x7db37ae0, /* 2.16.840.1.101.3.4.3.26 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1b */
SLH_DSA_SHAKE_128Fk = 0x7db37ae1, /* 2.16.840.1.101.3.4.3.27 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1c */
SLH_DSA_SHAKE_192Sk = 0x7db37ae6, /* 2.16.840.1.101.3.4.3.28 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1d */
SLH_DSA_SHAKE_192Fk = 0x7db37ae7, /* 2.16.840.1.101.3.4.3.29 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1e */
SLH_DSA_SHAKE_256Sk = 0x7db37ae4, /* 2.16.840.1.101.3.4.3.30 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1f */
SLH_DSA_SHAKE_256Fk = 0x7db37ae5 /* 2.16.840.1.101.3.4.3.31 */
#endif
};
@@ -1580,18 +1604,30 @@ enum Ctc_SigType {
CTC_ML_DSA_LEVEL3 = 432, /* 2.16.840.1.101.3.4.3.18 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x13 */
CTC_ML_DSA_LEVEL5 = 433, /* 2.16.840.1.101.3.4.3.19 */
/* 0x2b,0xce,0x0f,0x06,0x07,0x04 */
CTC_SPHINCS_FAST_LEVEL1 = 281, /* 1.3.9999.6.7.4 */
/* 0x2b,0xce,0x0f,0x06,0x08,0x03 */
CTC_SPHINCS_FAST_LEVEL3 = 283, /* 1.3.9999.6.8.3 */
/* 0x2b,0xce,0x0f,0x06,0x09,0x03 */
CTC_SPHINCS_FAST_LEVEL5 = 282, /* 1.3.9999.6.9.3 */
/* 0x2b,0xce,0x0f,0x06,0x07,0x0a */
CTC_SPHINCS_SMALL_LEVEL1 = 287, /* 1.3.9999.6.7.10 */
/* 0x2b,0xce,0x0f,0x06,0x08,0x07 */
CTC_SPHINCS_SMALL_LEVEL3 = 285, /* 1.3.9999.6.8.7 */
/* 0x2b,0xce,0x0f,0x06,0x09,0x07 */
CTC_SPHINCS_SMALL_LEVEL5 = 286 /* 1.3.9999.6.9.7 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x14 */
CTC_SLH_DSA_SHA2_128S = 434, /* 2.16.840.1.101.3.4.3.20 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x15 */
CTC_SLH_DSA_SHA2_128F = 435, /* 2.16.840.1.101.3.4.3.21 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x16 */
CTC_SLH_DSA_SHA2_192S = 436, /* 2.16.840.1.101.3.4.3.22 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x17 */
CTC_SLH_DSA_SHA2_192F = 437, /* 2.16.840.1.101.3.4.3.23 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x18 */
CTC_SLH_DSA_SHA2_256S = 438, /* 2.16.840.1.101.3.4.3.24 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x19 */
CTC_SLH_DSA_SHA2_256F = 439, /* 2.16.840.1.101.3.4.3.25 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1a */
CTC_SLH_DSA_SHAKE_128S = 440, /* 2.16.840.1.101.3.4.3.26 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1b */
CTC_SLH_DSA_SHAKE_128F = 441, /* 2.16.840.1.101.3.4.3.27 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1c */
CTC_SLH_DSA_SHAKE_192S = 442, /* 2.16.840.1.101.3.4.3.28 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1d */
CTC_SLH_DSA_SHAKE_192F = 443, /* 2.16.840.1.101.3.4.3.29 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1e */
CTC_SLH_DSA_SHAKE_256S = 444, /* 2.16.840.1.101.3.4.3.30 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1f */
CTC_SLH_DSA_SHAKE_256F = 445 /* 2.16.840.1.101.3.4.3.31 */
#else
/* 0x2a,0x86,0x48,0xce,0x38,0x04,0x03 */
CTC_SHAwDSA = 0x314b8212, /* 1.2.840.10040.4.3 */
@@ -1661,18 +1697,30 @@ enum Ctc_SigType {
CTC_ML_DSA_LEVEL3 = 0x7db37ae8, /* 2.16.840.1.101.3.4.3.18 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x13 */
CTC_ML_DSA_LEVEL5 = 0x7db37ae9, /* 2.16.840.1.101.3.4.3.19 */
/* 0x2b,0xce,0x0f,0x06,0x07,0x04 */
CTC_SPHINCS_FAST_LEVEL1 = 0x06f0ca2c, /* 1.3.9999.6.7.4 */
/* 0x2b,0xce,0x0f,0x06,0x08,0x03 */
CTC_SPHINCS_FAST_LEVEL3 = 0x06f0cd23, /* 1.3.9999.6.8.3 */
/* 0x2b,0xce,0x0f,0x06,0x09,0x03 */
CTC_SPHINCS_FAST_LEVEL5 = 0x06f0cd22, /* 1.3.9999.6.9.3 */
/* 0x2b,0xce,0x0f,0x06,0x07,0x0a */
CTC_SPHINCS_SMALL_LEVEL1 = 0x06f0c42c, /* 1.3.9999.6.7.10 */
/* 0x2b,0xce,0x0f,0x06,0x08,0x07 */
CTC_SPHINCS_SMALL_LEVEL3 = 0x06f0c923, /* 1.3.9999.6.8.7 */
/* 0x2b,0xce,0x0f,0x06,0x09,0x07 */
CTC_SPHINCS_SMALL_LEVEL5 = 0x06f0c922 /* 1.3.9999.6.9.7 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x14 */
CTC_SLH_DSA_SHA2_128S = 0x7db37aee, /* 2.16.840.1.101.3.4.3.20 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x15 */
CTC_SLH_DSA_SHA2_128F = 0x7db37aef, /* 2.16.840.1.101.3.4.3.21 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x16 */
CTC_SLH_DSA_SHA2_192S = 0x7db37aec, /* 2.16.840.1.101.3.4.3.22 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x17 */
CTC_SLH_DSA_SHA2_192F = 0x7db37aed, /* 2.16.840.1.101.3.4.3.23 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x18 */
CTC_SLH_DSA_SHA2_256S = 0x7db37ae2, /* 2.16.840.1.101.3.4.3.24 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x19 */
CTC_SLH_DSA_SHA2_256F = 0x7db37ae3, /* 2.16.840.1.101.3.4.3.25 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1a */
CTC_SLH_DSA_SHAKE_128S = 0x7db37ae0, /* 2.16.840.1.101.3.4.3.26 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1b */
CTC_SLH_DSA_SHAKE_128F = 0x7db37ae1, /* 2.16.840.1.101.3.4.3.27 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1c */
CTC_SLH_DSA_SHAKE_192S = 0x7db37ae6, /* 2.16.840.1.101.3.4.3.28 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1d */
CTC_SLH_DSA_SHAKE_192F = 0x7db37ae7, /* 2.16.840.1.101.3.4.3.29 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1e */
CTC_SLH_DSA_SHAKE_256S = 0x7db37ae4, /* 2.16.840.1.101.3.4.3.30 */
/* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x1f */
CTC_SLH_DSA_SHAKE_256F = 0x7db37ae5 /* 2.16.840.1.101.3.4.3.31 */
#endif
};
+2 -2
View File
@@ -3292,7 +3292,7 @@ extern void uITRON4_free(void *p) ;
(defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)) || \
(defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT)) || \
defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || \
defined(HAVE_SPHINCS) || defined(HAVE_LIBOQS))
defined(WOLFSSL_HAVE_SLHDSA) || defined(HAVE_LIBOQS))
#define WC_ENABLE_ASYM_KEY_EXPORT
#endif
@@ -3302,7 +3302,7 @@ extern void uITRON4_free(void *p) ;
(defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) || \
(defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) || \
defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || \
defined(HAVE_SPHINCS) || defined(HAVE_LIBOQS))
defined(WOLFSSL_HAVE_SLHDSA) || defined(HAVE_LIBOQS))
#define WC_ENABLE_ASYM_KEY_IMPORT
#endif
-167
View File
@@ -1,167 +0,0 @@
/* sphincs.h
*
* Copyright (C) 2006-2026 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*!
\file wolfssl/wolfcrypt/sphincs.h
*/
/* Interfaces for Sphincs:
* - SPHINCS_FAST_LEVEL1 (AKA SPHINCS+-SHAKE-128f-simple)
* - SPHINCS_FAST_LEVEL3 (AKA SPHINCS+-SHAKE-192f-simple)
* - SPHINCS_FAST_LEVEL5 (AKA SPHINCS+-SHAKE-256f-simple)
* - SPHINCS_SMALL_LEVEL1 (AKA SPHINCS+-SHAKE-128s-simple)
* - SPHINCS_SMALL_LEVEL3 (AKA SPHINCS+-SHAKE-192s-simple)
* - SPHINCS_SMALL_LEVEL5 (AKA SPHINCS+-SHAKE-256s-simple)
*/
#ifndef WOLF_CRYPT_SPHINCS_H
#define WOLF_CRYPT_SPHINCS_H
#include <wolfssl/wolfcrypt/types.h>
#if defined(HAVE_SPHINCS)
#ifdef HAVE_LIBOQS
#include <oqs/oqs.h>
#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
/* Macros Definitions */
#ifdef HAVE_LIBOQS
#define SPHINCS_FAST_LEVEL1_SIG_SIZE OQS_SIG_sphincs_shake_128f_simple_length_signature
#define SPHINCS_FAST_LEVEL3_SIG_SIZE OQS_SIG_sphincs_shake_192f_simple_length_signature
#define SPHINCS_FAST_LEVEL5_SIG_SIZE OQS_SIG_sphincs_shake_256f_simple_length_signature
#define SPHINCS_SMALL_LEVEL1_SIG_SIZE OQS_SIG_sphincs_shake_128s_simple_length_signature
#define SPHINCS_SMALL_LEVEL3_SIG_SIZE OQS_SIG_sphincs_shake_192s_simple_length_signature
#define SPHINCS_SMALL_LEVEL5_SIG_SIZE OQS_SIG_sphincs_shake_256s_simple_length_signature
#define SPHINCS_LEVEL1_KEY_SIZE OQS_SIG_sphincs_shake_128f_simple_length_secret_key
#define SPHINCS_LEVEL1_PUB_KEY_SIZE OQS_SIG_sphincs_shake_128f_simple_length_public_key
#define SPHINCS_LEVEL1_PRV_KEY_SIZE (SPHINCS_LEVEL1_PUB_KEY_SIZE+SPHINCS_LEVEL1_KEY_SIZE)
#define SPHINCS_LEVEL3_KEY_SIZE OQS_SIG_sphincs_shake_192f_simple_length_secret_key
#define SPHINCS_LEVEL3_PUB_KEY_SIZE OQS_SIG_sphincs_shake_192f_simple_length_public_key
#define SPHINCS_LEVEL3_PRV_KEY_SIZE (SPHINCS_LEVEL3_PUB_KEY_SIZE+SPHINCS_LEVEL3_KEY_SIZE)
#define SPHINCS_LEVEL5_KEY_SIZE OQS_SIG_sphincs_shake_256f_simple_length_secret_key
#define SPHINCS_LEVEL5_PUB_KEY_SIZE OQS_SIG_sphincs_shake_256f_simple_length_public_key
#define SPHINCS_LEVEL5_PRV_KEY_SIZE (SPHINCS_LEVEL5_PUB_KEY_SIZE+SPHINCS_LEVEL5_KEY_SIZE)
#endif
#define SPHINCS_MAX_SIG_SIZE SPHINCS_FAST_LEVEL5_SIG_SIZE
#define SPHINCS_MAX_KEY_SIZE SPHINCS_LEVEL5_PRV_KEY_SIZE
#define SPHINCS_MAX_PUB_KEY_SIZE SPHINCS_LEVEL5_PUB_KEY_SIZE
#define SPHINCS_MAX_PRV_KEY_SIZE SPHINCS_LEVEL5_PRV_KEY_SIZE
#define FAST_VARIANT 1
#define SMALL_VARIANT 2
/* Structs */
struct sphincs_key {
WC_BITFIELD pubKeySet:1;
WC_BITFIELD prvKeySet:1;
byte level; /* 1,3 or 5 */
byte optim; /* FAST_VARIANT or SMALL_VARIANT */
byte p[SPHINCS_MAX_PUB_KEY_SIZE];
byte k[SPHINCS_MAX_PRV_KEY_SIZE];
};
#ifndef WC_SPHINCSKEY_TYPE_DEFINED
typedef struct sphincs_key sphincs_key;
#define WC_SPHINCSKEY_TYPE_DEFINED
#endif
/* Functions */
WOLFSSL_API
int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
sphincs_key* key, WC_RNG* rng);
WOLFSSL_API
int wc_sphincs_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
word32 msgLen, int* res, sphincs_key* key);
WOLFSSL_API
int wc_sphincs_init(sphincs_key* key);
WOLFSSL_API
int wc_sphincs_set_level_and_optim(sphincs_key* key, byte level, byte optim);
WOLFSSL_API
int wc_sphincs_get_level_and_optim(sphincs_key* key, byte* level, byte *optim);
WOLFSSL_API
void wc_sphincs_free(sphincs_key* key);
WOLFSSL_API
int wc_sphincs_import_public(const byte* in, word32 inLen, sphincs_key* key);
WOLFSSL_API
int wc_sphincs_import_private_only(const byte* priv, word32 privSz,
sphincs_key* key);
WOLFSSL_API
int wc_sphincs_import_private_key(const byte* priv, word32 privSz,
const byte* pub, word32 pubSz,
sphincs_key* key);
WOLFSSL_API
int wc_sphincs_export_public(sphincs_key* key, byte* out, word32* outLen);
WOLFSSL_API
int wc_sphincs_export_private_only(sphincs_key* key, byte* out, word32* outLen);
WOLFSSL_API
int wc_sphincs_export_private(sphincs_key* key, byte* out, word32* outLen);
WOLFSSL_API
int wc_sphincs_export_key(sphincs_key* key, byte* priv, word32 *privSz,
byte* pub, word32 *pubSz);
WOLFSSL_API
int wc_sphincs_check_key(sphincs_key* key);
WOLFSSL_API
int wc_sphincs_size(sphincs_key* key);
WOLFSSL_API
int wc_sphincs_priv_size(sphincs_key* key);
WOLFSSL_API
int wc_sphincs_pub_size(sphincs_key* key);
WOLFSSL_API
int wc_sphincs_sig_size(sphincs_key* key);
WOLFSSL_API int wc_Sphincs_PrivateKeyDecode(const byte* input,
word32* inOutIdx,
sphincs_key* key, word32 inSz);
WOLFSSL_API int wc_Sphincs_PublicKeyDecode(const byte* input,
word32* inOutIdx,
sphincs_key* key, word32 inSz);
WOLFSSL_API int wc_Sphincs_KeyToDer(sphincs_key* key, byte* output,
word32 inLen);
WOLFSSL_API int wc_Sphincs_PrivateKeyToDer(sphincs_key* key, byte* output,
word32 inLen);
WOLFSSL_API int wc_Sphincs_PublicKeyToDer(sphincs_key* key, byte* output,
word32 inLen, int withAlg);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* HAVE_SPHINCS */
#endif /* WOLF_CRYPT_SPHINCS_H */
+5 -3
View File
@@ -1370,7 +1370,7 @@ enum {
DYNAMIC_TYPE_FALCON = 95,
DYNAMIC_TYPE_SESSION = 96,
DYNAMIC_TYPE_DILITHIUM = 97,
DYNAMIC_TYPE_SPHINCS = 98,
DYNAMIC_TYPE_SPHINCS = 98, /* deprecated: kept for ABI compat */
DYNAMIC_TYPE_SM4_BUFFER = 99,
DYNAMIC_TYPE_DEBUG_TAG = 100,
DYNAMIC_TYPE_LMS = 101,
@@ -2314,7 +2314,9 @@ enum Max_ASN {
DSA_INTS = 5, /* DSA ints in private key */
MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */
MAX_IV_SIZE = 64, /* MAX PKCS Iv length */
#ifdef HAVE_SPHINCS
#ifdef WOLFSSL_HAVE_SLHDSA
/* Largest raw SLH-DSA signature (SHAKE-256f) is 49856 bytes; round up
* to leave headroom for ASN.1 wrapping (BIT STRING tag + length). */
MAX_ENCODED_SIG_SZ = 51200,
#elif defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
MAX_ENCODED_SIG_SZ = 5120,
@@ -2367,7 +2369,7 @@ enum Max_ASN {
/* Maximum DER digest ASN header size */
/* Max X509 header length indicates the
* max length + 2 ('\n', '\0') */
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(WOLFSSL_HAVE_SLHDSA)
MAX_X509_HEADER_SZ = (48 + 2), /* Maximum PEM Header/Footer Size */
#else
MAX_X509_HEADER_SZ = (37 + 2), /* Maximum PEM Header/Footer Size */
+28 -6
View File
@@ -23,6 +23,13 @@
#define WOLF_CRYPT_WC_SLHDSA_H
#include <wolfssl/wolfcrypt/types.h>
#if FIPS_VERSION3_GE(7,0,0)
#include <wolfssl/wolfcrypt/fips.h>
#endif
#ifdef WOLFSSL_HAVE_SLHDSA
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/sha3.h>
@@ -32,12 +39,6 @@
#include <wolfssl/wolfcrypt/hmac.h>
#endif
#if FIPS_VERSION3_GE(7,0,0)
#include <wolfssl/wolfcrypt/fips.h>
#endif
#ifdef WOLFSSL_HAVE_SLHDSA
/* ======== SHAKE parameter guards ======== */
#ifdef WOLFSSL_SLHDSA_NO_SHAKE
@@ -693,6 +694,27 @@ WOLFSSL_API int wc_SlhDsaKey_PrivateSizeFromParam(enum SlhDsaParam param);
WOLFSSL_API int wc_SlhDsaKey_PublicSizeFromParam(enum SlhDsaParam param);
WOLFSSL_API int wc_SlhDsaKey_SigSizeFromParam(enum SlhDsaParam param);
/* DER encode/decode */
#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
WOLFSSL_API int wc_SlhDsaKey_PrivateKeyDecode(const byte* input,
word32* inOutIdx, SlhDsaKey* key, word32 inSz);
#endif
WOLFSSL_API int wc_SlhDsaKey_PublicKeyDecode(const byte* input,
word32* inOutIdx, SlhDsaKey* key, word32 inSz);
#ifdef WC_ENABLE_ASYM_KEY_EXPORT
#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
WOLFSSL_API int wc_SlhDsaKey_KeyToDer(SlhDsaKey* key, byte* output,
word32 inLen);
/* SLH-DSA has no separate private-only encoding based on RFC 9909. This
* function is an intentional alias of wc_SlhDsaKey_KeyToDer, kept for API
* parity with other algorithms which do have a distinct private form. */
WOLFSSL_API int wc_SlhDsaKey_PrivateKeyToDer(SlhDsaKey* key, byte* output,
word32 inLen);
#endif
WOLFSSL_API int wc_SlhDsaKey_PublicKeyToDer(SlhDsaKey* key, byte* output,
word32 inLen, int withAlg);
#endif
#endif /* WOLFSSL_HAVE_SLHDSA */
#endif /* WOLF_CRYPT_WC_SLHDSA_H */
+1 -1
View File
@@ -341,7 +341,6 @@
<ClCompile Include="..\..\wolfcrypt\src\sha3.c" />
<ClCompile Include="..\..\wolfcrypt\src\sha512.c" />
<ClCompile Include="..\..\wolfcrypt\src\signature.c" />
<ClCompile Include="..\..\wolfcrypt\src\sphincs.c" />
<ClCompile Include="..\..\wolfcrypt\src\sp_c32.c" />
<ClCompile Include="..\..\wolfcrypt\src\sp_c64.c" />
<ClCompile Include="..\..\wolfcrypt\src\sp_int.c" />
@@ -351,6 +350,7 @@
<ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
<ClCompile Include="..\..\wolfcrypt\src\wc_pkcs11.c" />
<ClCompile Include="..\..\wolfcrypt\src\wc_port.c" />
<ClCompile Include="..\..\wolfcrypt\src\wc_slhdsa.c" />
<ClCompile Include="..\..\wolfcrypt\src\wolfmath.c" />
<ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
<ClCompile Include="..\..\wolfcrypt\src\port\liboqs\liboqs.c" />
+1 -1
View File
@@ -111,7 +111,6 @@ if(CONFIG_WOLFSSL)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_dsp32.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_int.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_x86_64.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sphincs.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/srp.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/tfm.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_dsp.c)
@@ -122,6 +121,7 @@ if(CONFIG_WOLFSSL)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_lms_impl.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_pkcs11.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_port.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_slhdsa.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfevent.c)
zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfmath.c)