diff --git a/aes_test.go b/aes_test.go index 39cc1600..3125d61f 100644 --- a/aes_test.go +++ b/aes_test.go @@ -81,25 +81,52 @@ func TestNewGCMNonce(t *testing.T) { } func TestSealAndOpen(t *testing.T) { - key := []byte("D249BF6DEC97B1EBD69BC4D6B3A3C49D") - ci, err := openssl.NewAESCipher(key) - if err != nil { - t.Fatal(err) - } - gcm, err := cipher.NewGCM(ci) - if err != nil { - t.Fatal(err) - } - nonce := []byte{0x91, 0xc7, 0xa7, 0x54, 0x52, 0xef, 0x10, 0xdb, 0x91, 0xa8, 0x6c, 0xf9} - plainText := []byte{0x01, 0x02, 0x03} - additionalData := []byte{0x05, 0x05, 0x07} - sealed := gcm.Seal(nil, nonce, plainText, additionalData) - decrypted, err := gcm.Open(nil, nonce, sealed, additionalData) - if err != nil { - t.Error(err) - } - if !bytes.Equal(decrypted, plainText) { - t.Errorf("unexpected decrypted result\ngot: %#v\nexp: %#v", decrypted, plainText) + for _, tt := range aesGCMTests { + t.Run(tt.description, func(t *testing.T) { + ci, err := openssl.NewAESCipher(tt.key) + if err != nil { + t.Fatalf("NewAESCipher() err = %v", err) + } + gcm, err := cipher.NewGCM(ci) + if err != nil { + t.Fatalf("cipher.NewGCM() err = %v", err) + } + + sealed := gcm.Seal(nil, tt.nonce, tt.plaintext, tt.aad) + if !bytes.Equal(sealed, tt.ciphertext) { + t.Errorf("unexpected sealed result\ngot: %#v\nexp: %#v", sealed, tt.ciphertext) + } + + decrypted, err := gcm.Open(nil, tt.nonce, tt.ciphertext, tt.aad) + if err != nil { + t.Errorf("gcm.Open() err = %v", err) + } + if !bytes.Equal(decrypted, tt.plaintext) { + t.Errorf("unexpected decrypted result\ngot: %#v\nexp: %#v", decrypted, tt.plaintext) + } + + // Test that open fails if the ciphertext is modified. + tt.ciphertext[0] ^= 0x80 + _, err = gcm.Open(nil, tt.nonce, tt.ciphertext, tt.aad) + if err != openssl.ErrOpen { + t.Errorf("expected authentication error for tampered message\ngot: %#v", err) + } + tt.ciphertext[0] ^= 0x80 + + // Test that the ciphertext can be opened using a fresh context + // which was not previously used to seal the same message. + gcm, err = cipher.NewGCM(ci) + if err != nil { + t.Fatalf("cipher.NewGCM() err = %v", err) + } + decrypted, err = gcm.Open(nil, tt.nonce, tt.ciphertext, tt.aad) + if err != nil { + t.Errorf("fresh GCM instance: gcm.Open() err = %v", err) + } + if !bytes.Equal(decrypted, tt.plaintext) { + t.Errorf("fresh GCM instance: unexpected decrypted result\ngot: %#v\nexp: %#v", decrypted, tt.plaintext) + } + }) } } diff --git a/cipher.go b/cipher.go index aadba3e7..b56de6a7 100644 --- a/cipher.go +++ b/cipher.go @@ -513,7 +513,7 @@ func newCipherCtx(kind cipherKind, mode cipherMode, encrypt cipherOp, key, iv [] cipher = nil } if C.go_openssl_EVP_CipherInit_ex(ctx, cipher, nil, base(key), base(iv), C.int(encrypt)) != 1 { - return nil, fail("unable to initialize EVP cipher ctx") + return nil, newOpenSSLError("unable to initialize EVP cipher ctx") } return ctx, nil } diff --git a/cmd/gentestvectors/main.go b/cmd/gentestvectors/main.go new file mode 100644 index 00000000..a5150544 --- /dev/null +++ b/cmd/gentestvectors/main.go @@ -0,0 +1,116 @@ +// gentestvectors emits cryptographic test vectors using the Go standard library +// cryptographic routines to test the OpenSSL bindings. +package main + +import ( + "bytes" + "crypto/aes" + "crypto/cipher" + "flag" + "fmt" + "go/format" + "io" + "log" + "math/rand" + "os" + "path/filepath" +) + +var outputPath = flag.String("out", "", "output path (default stdout)") + +func init() { + log.SetFlags(log.Llongfile) + log.SetOutput(os.Stderr) +} + +func main() { + flag.Parse() + + var b bytes.Buffer + fmt.Fprint(&b, "// Code generated by cmd/gentestvectors. DO NOT EDIT.\n\n") + if *outputPath != "" { + fmt.Fprintf(&b, "//go"+":generate go run github.com/golang-fips/openssl/v2/cmd/gentestvectors -out %s\n\n", filepath.Base(*outputPath)) + } + + pkg := "openssl_test" + if gopackage := os.Getenv("GOPACKAGE"); gopackage != "" { + pkg = gopackage + "_test" + } + fmt.Fprintf(&b, "package %s\n\n", pkg) + + aesGCM(&b) + + generated, err := format.Source(b.Bytes()) + if err != nil { + log.Fatalf("failed to format generated code: %v", err) + } + + if *outputPath != "" { + err := os.WriteFile(*outputPath, generated, 0o644) + if err != nil { + log.Fatalf("failed to write output file: %v\n", err) + } + } else { + _, _ = os.Stdout.Write(generated) + } +} + +func aesGCM(w io.Writer) { + r := rand.New(rand.NewSource(0)) + + fmt.Fprintln(w, `var aesGCMTests = []struct { + description string + key, nonce, plaintext, aad, ciphertext []byte +}{`) + + for _, keyLen := range []int{16, 24, 32} { + for _, aadLen := range []int{0, 1, 3, 13, 30} { + for _, plaintextLen := range []int{0, 1, 3, 13, 16, 51} { + if aadLen == 0 && plaintextLen == 0 { + continue + } + + key := randbytes(r, keyLen) + nonce := randbytes(r, 12) + plaintext := randbytes(r, plaintextLen) + aad := randbytes(r, aadLen) + + c, err := aes.NewCipher(key) + if err != nil { + panic(err) + } + aead, err := cipher.NewGCM(c) + if err != nil { + panic(err) + } + ciphertext := aead.Seal(nil, nonce, plaintext, aad) + + fmt.Fprint(w, "\t{\n") + fmt.Fprintf(w, "\t\tdescription: \"AES-%d/AAD=%d/Plaintext=%d\",\n", keyLen*8, aadLen, plaintextLen) + printBytesField(w, "key", key) + printBytesField(w, "nonce", nonce) + printBytesField(w, "plaintext", plaintext) + printBytesField(w, "aad", aad) + printBytesField(w, "ciphertext", ciphertext) + fmt.Fprint(w, "\t},\n") + } + } + } + fmt.Fprintln(w, "}") +} + +func randbytes(r *rand.Rand, n int) []byte { + if n == 0 { + return nil + } + b := make([]byte, n) + r.Read(b) + return b +} + +func printBytesField(w io.Writer, name string, b []byte) { + if len(b) == 0 { + return + } + fmt.Fprintf(w, "\t\t%s: %#v,\n", name, b) +} diff --git a/des.go b/des.go index 98b15d2d..71b13333 100644 --- a/des.go +++ b/des.go @@ -14,9 +14,9 @@ import ( // If CBC is also supported, then the returned cipher.Block // will also implement NewCBCEncrypter and NewCBCDecrypter. func SupportsDESCipher() bool { - // True for stock OpenSSL 1. + // True for stock OpenSSL 1 w/o FIPS. // False for stock OpenSSL 3 unless the legacy provider is available. - return loadCipher(cipherDES, cipherModeECB) != nil + return (versionAtOrAbove(1, 1, 0) || !FIPS()) && loadCipher(cipherDES, cipherModeECB) != nil } // SupportsTripleDESCipher returns true if NewTripleDESCipher is supported, diff --git a/ed25519.go b/ed25519.go index 33e26a55..f66a2a1d 100644 --- a/ed25519.go +++ b/ed25519.go @@ -37,7 +37,7 @@ func SupportsEd25519() bool { onceSupportsEd25519.Do(func() { switch vMajor { case 1: - supportsEd25519 = version1_1_1_or_above() + supportsEd25519 = versionAtOrAbove(1, 1, 1) case 3: name := C.CString("ED25519") defer C.free(unsafe.Pointer(name)) diff --git a/evp.go b/evp.go index 68adf7cd..b2886e69 100644 --- a/evp.go +++ b/evp.go @@ -72,9 +72,13 @@ func cryptoHashToMD(ch crypto.Hash) (md C.GO_EVP_MD_PTR) { } switch ch { case crypto.MD4: - return C.go_openssl_EVP_md4() + if versionAtOrAbove(1, 1, 0) || !FIPS() { + return C.go_openssl_EVP_md4() + } case crypto.MD5: - return C.go_openssl_EVP_md5() + if versionAtOrAbove(1, 1, 0) || !FIPS() { + return C.go_openssl_EVP_md5() + } case crypto.SHA1: return C.go_openssl_EVP_sha1() case crypto.SHA224: @@ -86,19 +90,19 @@ func cryptoHashToMD(ch crypto.Hash) (md C.GO_EVP_MD_PTR) { case crypto.SHA512: return C.go_openssl_EVP_sha512() case crypto.SHA3_224: - if version1_1_1_or_above() { + if versionAtOrAbove(1, 1, 1) { return C.go_openssl_EVP_sha3_224() } case crypto.SHA3_256: - if version1_1_1_or_above() { + if versionAtOrAbove(1, 1, 1) { return C.go_openssl_EVP_sha3_256() } case crypto.SHA3_384: - if version1_1_1_or_above() { + if versionAtOrAbove(1, 1, 1) { return C.go_openssl_EVP_sha3_384() } case crypto.SHA3_512: - if version1_1_1_or_above() { + if versionAtOrAbove(1, 1, 1) { return C.go_openssl_EVP_sha3_512() } } diff --git a/goopenssl.c b/goopenssl.c index ec4adc15..1e428d52 100644 --- a/goopenssl.c +++ b/goopenssl.c @@ -60,12 +60,12 @@ go_openssl_fips_enabled(void* handle) // and assign them to their corresponding function pointer // defined in goopenssl.h. void -go_openssl_load_functions(void* handle, int major, int minor, int patch) +go_openssl_load_functions(void* handle, unsigned int major, unsigned int minor, unsigned int patch) { #define DEFINEFUNC_INTERNAL(name, func) \ _g_##name = dlsym(handle, func); \ if (_g_##name == NULL) { \ - fprintf(stderr, "Cannot get required symbol " #func " from libcrypto version %d.%d\n", major, minor); \ + fprintf(stderr, "Cannot get required symbol " #func " from libcrypto version %u.%u\n", major, minor); \ abort(); \ } #define DEFINEFUNC(ret, func, args, argscall) \ diff --git a/goopenssl.h b/goopenssl.h index d0ffe6cb..a0e2b623 100644 --- a/goopenssl.h +++ b/goopenssl.h @@ -24,7 +24,7 @@ int go_openssl_version_major(void* handle); int go_openssl_version_minor(void* handle); int go_openssl_version_patch(void* handle); int go_openssl_thread_setup(void); -void go_openssl_load_functions(void* handle, int major, int minor, int patch); +void go_openssl_load_functions(void* handle, unsigned int major, unsigned int minor, unsigned int patch); const GO_EVP_MD_PTR go_openssl_EVP_md5_sha1_backport(void); // Define pointers to all the used OpenSSL functions. @@ -144,12 +144,33 @@ go_openssl_EVP_CIPHER_CTX_open_wrapper(const GO_EVP_CIPHER_CTX_PTR ctx, const unsigned char *aad, int aad_len, const unsigned char *tag) { - if (in_len == 0) in = (const unsigned char *)""; + if (in_len == 0) { + in = (const unsigned char *)""; + // OpenSSL 1.0.2 in FIPS mode contains a bug: it will fail to verify + // unless EVP_DecryptUpdate is called at least once with a non-NULL + // output buffer. OpenSSL will not dereference the output buffer when + // the input length is zero, so set it to an arbitrary non-NULL pointer + // to satisfy OpenSSL when the caller only has authenticated additional + // data (AAD) to verify. While a stack-allocated buffer could be used, + // that would risk a stack-corrupting buffer overflow if OpenSSL + // unexpectedly dereferenced it. Instead pass a value which would + // segfault if dereferenced on any modern platform where a NULL-pointer + // dereference would also segfault. + if (out == NULL) out = (unsigned char *)1; + } if (aad_len == 0) aad = (const unsigned char *)""; if (go_openssl_EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, nonce) != 1) return 0; + // OpenSSL 1.0.x FIPS Object Module 2.0 versions below 2.0.5 require that + // the tag be set before the ciphertext, otherwise EVP_DecryptUpdate returns + // an error. At least one extant commercially-supported, FIPS validated + // build of OpenSSL 1.0.2 uses FIPS module version 2.0.1. Set the tag first + // to maximize compatibility with all OpenSSL version combinations. + if (go_openssl_EVP_CIPHER_CTX_ctrl(ctx, GO_EVP_CTRL_GCM_SET_TAG, 16, (unsigned char *)(tag)) != 1) + return 0; + int discard_len, out_len; if (go_openssl_EVP_DecryptUpdate(ctx, NULL, &discard_len, aad, aad_len) != 1 || go_openssl_EVP_DecryptUpdate(ctx, out, &out_len, in, in_len) != 1) @@ -157,9 +178,6 @@ go_openssl_EVP_CIPHER_CTX_open_wrapper(const GO_EVP_CIPHER_CTX_PTR ctx, return 0; } - if (go_openssl_EVP_CIPHER_CTX_ctrl(ctx, GO_EVP_CTRL_GCM_SET_TAG, 16, (unsigned char *)(tag)) != 1) - return 0; - if (go_openssl_EVP_DecryptFinal_ex(ctx, out + out_len, &discard_len) != 1) return 0; diff --git a/hkdf.go b/hkdf.go index 0d33e34a..ac3fbba0 100644 --- a/hkdf.go +++ b/hkdf.go @@ -13,7 +13,7 @@ import ( ) func SupportsHKDF() bool { - return version1_1_1_or_above() + return versionAtOrAbove(1, 1, 1) } func newHKDF(h func() hash.Hash, mode C.int) (*hkdf, error) { diff --git a/init.go b/init.go index 21126ff5..a1466329 100644 --- a/init.go +++ b/init.go @@ -13,7 +13,7 @@ import ( // as reported by the OpenSSL API. // // See Init() for details about file. -func opensslInit(file string) (major, minor, patch int, err error) { +func opensslInit(file string) (major, minor, patch uint, err error) { // Load the OpenSSL shared library using dlopen. handle, err := dlopen(file) if err != nil { @@ -24,12 +24,13 @@ func opensslInit(file string) (major, minor, patch int, err error) { // Notice that major and minor could not match with the version parameter // in case the name of the shared library file differs from the OpenSSL // version it contains. - major = int(C.go_openssl_version_major(handle)) - minor = int(C.go_openssl_version_minor(handle)) - patch = int(C.go_openssl_version_patch(handle)) - if major == -1 || minor == -1 || patch == -1 { + imajor := int(C.go_openssl_version_major(handle)) + iminor := int(C.go_openssl_version_minor(handle)) + ipatch := int(C.go_openssl_version_patch(handle)) + if imajor < 0 || iminor < 0 || ipatch < 0 { return 0, 0, 0, errors.New("openssl: can't retrieve OpenSSL version") } + major, minor, patch = uint(imajor), uint(iminor), uint(ipatch) var supported bool if major == 1 { supported = minor == 0 || minor == 1 @@ -43,7 +44,7 @@ func opensslInit(file string) (major, minor, patch int, err error) { // Load the OpenSSL functions. // See shims.go for the complete list of supported functions. - C.go_openssl_load_functions(handle, C.int(major), C.int(minor), C.int(patch)) + C.go_openssl_load_functions(handle, C.uint(major), C.uint(minor), C.uint(patch)) // Initialize OpenSSL. C.go_openssl_OPENSSL_init() diff --git a/openssl.go b/openssl.go index 14b1a81e..691bb16f 100644 --- a/openssl.go +++ b/openssl.go @@ -19,7 +19,7 @@ import ( var ( // vMajor and vMinor hold the major/minor OpenSSL version. // It is only populated if Init has been called. - vMajor, vMinor, vPatch int + vMajor, vMinor, vPatch uint ) var ( @@ -69,8 +69,12 @@ func Init(file string) error { return initErr } +func utoa(n uint) string { + return strconv.FormatUint(uint64(n), 10) +} + func errUnsupportedVersion() error { - return errors.New("openssl: OpenSSL version: " + strconv.Itoa(vMajor) + "." + strconv.Itoa(vMinor) + "." + strconv.Itoa(vPatch)) + return errors.New("openssl: OpenSSL version: " + utoa(vMajor) + "." + utoa(vMinor) + "." + utoa(vPatch)) } type fail string @@ -407,6 +411,9 @@ func CheckLeaks() { C.go_openssl_do_leak_check() } -func version1_1_1_or_above() bool { - return vMajor > 1 || (vMajor >= 1 && vMinor > 1) || (vMajor >= 1 && vMinor >= 1 && vPatch >= 1) +// versionAtOrAbove returns true when +// (vMajor, vMinor, vPatch) >= (major, minor, patch), +// compared lexicographically. +func versionAtOrAbove(major, minor, patch uint) bool { + return vMajor > major || (vMajor == major && vMinor > minor) || (vMajor == major && vMinor == minor && vPatch >= patch) } diff --git a/rc4.go b/rc4.go index 94a96b20..f8815059 100644 --- a/rc4.go +++ b/rc4.go @@ -8,9 +8,9 @@ import "runtime" // SupportsRC4 returns true if NewRC4Cipher is supported. func SupportsRC4() bool { - // True for stock OpenSSL 1. + // True for stock OpenSSL 1 w/o FIPS. // False for stock OpenSSL 3 unless the legacy provider is available. - return loadCipher(cipherRC4, cipherModeNone) != nil + return (versionAtOrAbove(1, 1, 0) || !FIPS()) && loadCipher(cipherRC4, cipherModeNone) != nil } // A RC4Cipher is an instance of RC4 using a particular key. diff --git a/scripts/openssl.sh b/scripts/openssl.sh index 8ad51029..857f342b 100644 --- a/scripts/openssl.sh +++ b/scripts/openssl.sh @@ -12,13 +12,17 @@ case "$version" in "1.0.2") tag="OpenSSL_1_0_2u" sha256="82fa58e3f273c53128c6fe7e3635ec8cda1319a10ce1ad50a987c3df0deeef05" - config="shared" + fipsmodule_version="2.0.1" + fipsmodule_tag="OpenSSL-fips-2_0_1" + fipsmodule_sha256="6645895f43a0229dd4b89d27874fdd91fee70d9671fff954d3da448d5fc1d331" + config="shared fips --with-fipsdir=/usr/local/src/openssl-fips-$fipsmodule_version/dist" make="build_libs" install="" ;; "1.1.0") tag="OpenSSL_1_1_0l" sha256="e2acf0cf58d9bff2b42f2dc0aee79340c8ffe2c5e45d3ca4533dd5d4f5775b1d" + fipsmodule_version="" config="shared" make="build_libs" install="" @@ -26,6 +30,7 @@ case "$version" in "1.1.1") tag="OpenSSL_1_1_1m" sha256="36ae24ad7cf0a824d0b76ac08861262e47ec541e5d0f20e6d94bab90b2dab360" + fipsmodule_version="" config="shared" make="build_libs" install="" @@ -33,6 +38,7 @@ case "$version" in "3.0.1") tag="openssl-3.0.1"; sha256="2a9dcf05531e8be96c296259e817edc41619017a4bf3e229b4618a70103251d5" + fipsmodule_version="" config="enable-fips" make="build_libs" install="install_fips" @@ -40,6 +46,7 @@ case "$version" in "3.0.9") tag="openssl-3.0.9"; sha256="2eec31f2ac0e126ff68d8107891ef534159c4fcfb095365d4cd4dc57d82616ee" + fipsmodule_version="" config="enable-fips" make="build_libs" install="install_fips" @@ -58,10 +65,35 @@ tar -xzf "$tag.tar.gz" rm -rf "openssl-$version" mv "openssl-$tag" "openssl-$version" +if [ -n "$fipsmodule_version" ]; then + wget -O "$fipsmodule_tag.tar.gz" "https://github.com/openssl/openssl/archive/refs/tags/$fipsmodule_tag.tar.gz" + echo "$fipsmodule_sha256 $fipsmodule_tag.tar.gz" | sha256sum -c - + rm -rf "openssl-$fipsmodule_tag" + tar -xzf "$fipsmodule_tag.tar.gz" + + rm -rf "openssl-fips-$fipsmodule_version" + mv "openssl-$fipsmodule_tag" "openssl-fips-$fipsmodule_version" + ( + cd "openssl-fips-$fipsmodule_version" + mkdir dist + ./config -d shared fipscanisteronly --prefix=$(pwd)/dist + make + make install + ) +fi + cd "openssl-$version" # -d makes a debug build which helps with debugging memory issues and # other problems. It's not necessary for normal use. ./config -d $config + +# OpenSSL 1.0.2 ./config prompts the user to run `make depend` before `make` +# when configuring in debug mode. OpenSSL 1.1.0 and above handle this +# automatically. +if [ "$version" == "1.0.2" ]; then + make depend +fi + make -j$(nproc) $make if [ -n "$install" ]; then make $install diff --git a/vectors_test.go b/vectors_test.go new file mode 100644 index 00000000..5d554dc4 --- /dev/null +++ b/vectors_test.go @@ -0,0 +1,680 @@ +// Code generated by cmd/gentestvectors. DO NOT EDIT. + +//go:generate go run github.com/golang-fips/openssl/v2/cmd/gentestvectors -out vectors_test.go + +package openssl_test + +var aesGCMTests = []struct { + description string + key, nonce, plaintext, aad, ciphertext []byte +}{ + { + description: "AES-128/AAD=0/Plaintext=1", + key: []byte{0x1, 0x94, 0xfd, 0xc2, 0xfa, 0x2f, 0xfc, 0xc0, 0x41, 0xd3, 0xff, 0x12, 0x4, 0x5b, 0x73, 0xc8}, + nonce: []byte{0x6e, 0x4f, 0xf9, 0x5f, 0xf6, 0x62, 0xa5, 0xee, 0xe8, 0x2a, 0xbd, 0xf4}, + plaintext: []byte{0x4a}, + ciphertext: []byte{0x7f, 0x7f, 0x6a, 0x54, 0x3c, 0xba, 0x97, 0x4d, 0x5c, 0x83, 0x4a, 0x63, 0x12, 0x53, 0x56, 0x65, 0xd4}, + }, + { + description: "AES-128/AAD=0/Plaintext=3", + key: []byte{0x2d, 0xb, 0x75, 0xfb, 0x18, 0xd, 0xaf, 0x48, 0xa7, 0x9e, 0xe0, 0xb1, 0xd, 0x39, 0x46, 0x51}, + nonce: []byte{0x85, 0xf, 0xd4, 0xa1, 0x78, 0x89, 0x2e, 0xe2, 0x85, 0xec, 0xe1, 0x51}, + plaintext: []byte{0x14, 0x55, 0x78}, + ciphertext: []byte{0x5, 0xbe, 0x84, 0x9b, 0x3b, 0x4f, 0x42, 0x2b, 0xa7, 0x64, 0xc, 0x94, 0xd9, 0x80, 0xfb, 0x95, 0x16, 0xb6, 0xf7}, + }, + { + description: "AES-128/AAD=0/Plaintext=13", + key: []byte{0x8, 0x75, 0xd6, 0x4e, 0xe2, 0xd3, 0xd0, 0xd0, 0xde, 0x6b, 0xf8, 0xf9, 0xb4, 0x4c, 0xe8, 0x5f}, + nonce: []byte{0xf0, 0x44, 0xc6, 0xb1, 0xf8, 0x3b, 0x8e, 0x88, 0x3b, 0xbf, 0x85, 0x7a}, + plaintext: []byte{0xab, 0x99, 0xc5, 0xb2, 0x52, 0xc7, 0x42, 0x9c, 0x32, 0xf3, 0xa8, 0xae, 0xb7}, + ciphertext: []byte{0x64, 0x4f, 0x8e, 0xc8, 0xaf, 0x62, 0x75, 0x8c, 0x8b, 0xfd, 0xdd, 0x4e, 0x3b, 0x75, 0xff, 0xa0, 0x55, 0xc4, 0x24, 0xe6, 0x3f, 0x33, 0x89, 0xd2, 0x9c, 0xc3, 0x85, 0x51, 0xa0}, + }, + { + description: "AES-128/AAD=0/Plaintext=16", + key: []byte{0x9e, 0xf8, 0x56, 0xf6, 0x59, 0xc1, 0x8f, 0xd, 0xce, 0xcc, 0x77, 0xc7, 0x5e, 0x7a, 0x81, 0xbf}, + nonce: []byte{0xde, 0x27, 0x5f, 0x67, 0xcf, 0xe2, 0x42, 0xcf, 0x3c, 0xc3, 0x54, 0xf3}, + plaintext: []byte{0xed, 0xe2, 0xd6, 0xbe, 0xcc, 0x4e, 0xa3, 0xae, 0x5e, 0x88, 0x52, 0x6a, 0x9f, 0x4a, 0x57, 0x8b}, + ciphertext: []byte{0xe3, 0xd9, 0xca, 0x16, 0xfb, 0x22, 0xdd, 0x87, 0x4, 0x17, 0x7f, 0x73, 0x0, 0xb, 0x80, 0x14, 0xc2, 0x17, 0x5f, 0xba, 0xf1, 0x16, 0xae, 0x3b, 0xe1, 0xec, 0x6, 0x6e, 0xb1, 0xce, 0xaf, 0x4b}, + }, + { + description: "AES-128/AAD=0/Plaintext=51", + key: []byte{0xcb, 0x9e, 0xf2, 0xd4, 0xa6, 0x53, 0x14, 0x76, 0x8d, 0x6d, 0x29, 0x97, 0x61, 0xea, 0x9e, 0x4f}, + nonce: []byte{0x5a, 0xa6, 0xae, 0xc3, 0xfc, 0x78, 0xc6, 0xaa, 0xe0, 0x81, 0xac, 0x81}, + plaintext: []byte{0x20, 0xc7, 0x20, 0xef, 0xcd, 0x6c, 0xea, 0x84, 0xb6, 0x92, 0x5e, 0x60, 0x7b, 0xe0, 0x63, 0x71, 0x6f, 0x96, 0xdd, 0xcd, 0xd0, 0x1d, 0x75, 0x4, 0x5c, 0x3f, 0x0, 0xf, 0x8a, 0x79, 0x6b, 0xce, 0x6c, 0x51, 0x2c, 0x38, 0x1, 0xaa, 0xca, 0xee, 0xdf, 0xad, 0x5b, 0x50, 0x66, 0x64, 0xe8, 0xc0, 0xe4, 0xa7, 0x71}, + ciphertext: []byte{0x30, 0xb8, 0x97, 0xaa, 0xac, 0x79, 0xd3, 0xbd, 0xf3, 0xff, 0x2b, 0x30, 0x24, 0xf6, 0x91, 0xff, 0xc1, 0x8f, 0x95, 0x81, 0xa7, 0xeb, 0x4f, 0x19, 0xfb, 0xd3, 0x33, 0x41, 0x85, 0x13, 0x84, 0xba, 0xa6, 0x7e, 0xd4, 0x56, 0xa3, 0x9c, 0xbb, 0x86, 0x9f, 0xce, 0x55, 0x74, 0x2e, 0x62, 0xc8, 0x2f, 0xd3, 0x53, 0x6c, 0x3a, 0x7f, 0x8b, 0xda, 0x4e, 0x4a, 0x78, 0xac, 0x94, 0x5e, 0xe8, 0xa4, 0xc9, 0xec, 0x8e, 0xad}, + }, + { + description: "AES-128/AAD=1/Plaintext=0", + key: []byte{0xec, 0xe0, 0xb8, 0xb7, 0xc1, 0x96, 0x5d, 0x91, 0x81, 0x25, 0x1b, 0x7c, 0x9c, 0x9c, 0xa5, 0x20}, + nonce: []byte{0x5a, 0xfc, 0x16, 0xa2, 0x36, 0xa2, 0xef, 0xcd, 0xd2, 0xd1, 0x2d, 0x2a}, + aad: []byte{0x79}, + ciphertext: []byte{0xe2, 0x8f, 0x2e, 0x44, 0xd1, 0x48, 0x7, 0xf0, 0x69, 0x70, 0x60, 0x9c, 0x65, 0x94, 0x6d, 0x11}, + }, + { + description: "AES-128/AAD=1/Plaintext=1", + key: []byte{0xd0, 0x74, 0xa8, 0x28, 0xa, 0xe9, 0x43, 0x9e, 0xb0, 0xd6, 0xae, 0xca, 0x8, 0x23, 0xae, 0x2}, + nonce: []byte{0xd6, 0x7d, 0x86, 0x6a, 0xc2, 0xc4, 0xfe, 0x4a, 0x72, 0x50, 0x53, 0xda}, + plaintext: []byte{0x11}, + aad: []byte{0x9b}, + ciphertext: []byte{0xd, 0x1b, 0x31, 0x58, 0x25, 0x4e, 0x74, 0x28, 0xc2, 0xb1, 0x5b, 0x53, 0xc, 0x1b, 0xe6, 0x51, 0xad}, + }, + { + description: "AES-128/AAD=1/Plaintext=3", + key: []byte{0x9d, 0x4f, 0x51, 0x51, 0x40, 0xa2, 0xd7, 0x23, 0x9c, 0x40, 0xb4, 0x5a, 0xc3, 0x95, 0xd, 0x94}, + nonce: []byte{0x1f, 0xc4, 0xfe, 0x1c, 0xc, 0xb9, 0x6a, 0xd3, 0x22, 0xd6, 0x22, 0x82}, + plaintext: []byte{0x29, 0x5f, 0xbf}, + aad: []byte{0xe1}, + ciphertext: []byte{0xdd, 0x69, 0xe6, 0xea, 0xc, 0xf8, 0x3e, 0xfb, 0xb6, 0x64, 0x13, 0x7, 0x0, 0xaa, 0x58, 0xac, 0x9b, 0x26, 0x80}, + }, + { + description: "AES-128/AAD=1/Plaintext=13", + key: []byte{0x1e, 0x26, 0xa4, 0x33, 0x7, 0x6d, 0xb5, 0xc1, 0x44, 0x4c, 0x3a, 0x34, 0xd3, 0x2a, 0x5c, 0x4a}, + nonce: []byte{0x7f, 0xfb, 0xe8, 0xd1, 0x81, 0xf7, 0xed, 0x3b, 0x8c, 0xfe, 0x90, 0x4f}, + plaintext: []byte{0x93, 0xf8, 0xf0, 0x6d, 0x29, 0xbc, 0xd9, 0xed, 0x84, 0x7b, 0x18, 0x2e, 0x4}, + aad: []byte{0x64}, + ciphertext: []byte{0x43, 0x1b, 0xae, 0xea, 0xf3, 0xed, 0xf0, 0x40, 0x96, 0xb1, 0x6a, 0x16, 0xef, 0x4f, 0x64, 0x9d, 0xe8, 0x88, 0x30, 0x1a, 0xeb, 0x3d, 0x85, 0x45, 0xb7, 0x14, 0xf7, 0x4a, 0x57}, + }, + { + description: "AES-128/AAD=1/Plaintext=16", + key: []byte{0x10, 0xf4, 0x4b, 0xc4, 0xb0, 0xf3, 0xf0, 0x3a, 0xd, 0x6, 0x82, 0xa, 0x30, 0xf2, 0x57, 0xf8}, + nonce: []byte{0x11, 0x41, 0x30, 0x67, 0x8a, 0xc0, 0x45, 0x86, 0xc1, 0xe3, 0xc9, 0x34}, + plaintext: []byte{0x2c, 0x8b, 0x80, 0x55, 0xc4, 0x66, 0xd8, 0x86, 0x44, 0x1d, 0x25, 0x99, 0x6, 0xd6, 0x9a, 0xcd}, + aad: []byte{0x89}, + ciphertext: []byte{0x6, 0xcf, 0xd5, 0x33, 0xd3, 0x96, 0x3d, 0x7e, 0xe1, 0x2b, 0xba, 0x49, 0x2f, 0x4, 0x68, 0xd1, 0x5d, 0xfb, 0xd6, 0xdc, 0xf1, 0xee, 0x41, 0x9b, 0xa5, 0x6e, 0x27, 0x30, 0x9f, 0x1a, 0x6f, 0xf}, + }, + { + description: "AES-128/AAD=1/Plaintext=51", + key: []byte{0x4b, 0x96, 0x8a, 0xe9, 0xf0, 0xeb, 0x9d, 0x96, 0x5c, 0xe6, 0xa4, 0x69, 0x3c, 0x4e, 0xbe, 0x88}, + nonce: []byte{0x15, 0x1, 0xb7, 0xd9, 0x84, 0x6b, 0x66, 0xeb, 0x2, 0xb5, 0x7e, 0x5c}, + plaintext: []byte{0xda, 0x7b, 0x6c, 0xba, 0x68, 0x91, 0xd6, 0x16, 0xbd, 0x68, 0x6c, 0x37, 0xb8, 0x34, 0x61, 0x3a, 0xc8, 0xba, 0xa2, 0x2c, 0x0, 0x8f, 0xfe, 0x68, 0x83, 0x52, 0x73, 0x4a, 0xe4, 0xe3, 0xf1, 0x21, 0x7a, 0xcd, 0x5f, 0x83, 0x27, 0x8, 0x14, 0x30, 0x18, 0x67, 0xb5, 0xd0, 0x67, 0x11, 0xb2, 0x38, 0x0, 0x1c, 0x79}, + aad: []byte{0x57}, + ciphertext: []byte{0x3e, 0xa5, 0xc8, 0x79, 0x40, 0x6a, 0xb2, 0xb4, 0xaa, 0xfc, 0x9d, 0x68, 0xc, 0x65, 0xe9, 0xe0, 0xb4, 0x69, 0xc8, 0x37, 0x30, 0x13, 0x27, 0xef, 0x2d, 0xec, 0x21, 0xc6, 0x13, 0xce, 0xb0, 0x98, 0x7d, 0xb2, 0xda, 0xdf, 0x38, 0x67, 0xe1, 0xfd, 0xe3, 0x5d, 0xa, 0x55, 0xd3, 0x89, 0x66, 0x96, 0xdd, 0xbf, 0x2d, 0x37, 0x25, 0xc3, 0x75, 0x31, 0x81, 0xf2, 0x8e, 0xe5, 0x6b, 0x81, 0xb0, 0x6c, 0xc, 0xf4, 0x35}, + }, + { + description: "AES-128/AAD=3/Plaintext=0", + key: []byte{0xb2, 0x77, 0x19, 0xce, 0x3f, 0x31, 0x88, 0xdf, 0xe5, 0x7d, 0xee, 0xbf, 0x6f, 0x82, 0x59, 0x5a}, + nonce: []byte{0x10, 0xf7, 0xbb, 0x56, 0x2c, 0xa0, 0x4d, 0x5c, 0x3d, 0x27, 0x94, 0x29}, + aad: []byte{0x58, 0xc6, 0xdb}, + ciphertext: []byte{0x91, 0xfe, 0x27, 0x19, 0x43, 0x7f, 0xc6, 0x2a, 0xc, 0xda, 0xd, 0xbb, 0x2f, 0x1b, 0xc, 0x68}, + }, + { + description: "AES-128/AAD=3/Plaintext=1", + key: []byte{0x32, 0x62, 0x67, 0x6, 0x49, 0xf3, 0xbc, 0x97, 0xd9, 0xa2, 0x31, 0x67, 0x35, 0xed, 0xe6, 0x82}, + nonce: []byte{0xa5, 0xdf, 0xe6, 0xf1, 0xa0, 0x11, 0xfb, 0xc9, 0x8a, 0xd0, 0xfb, 0xe7}, + plaintext: []byte{0x90}, + aad: []byte{0x0, 0x3c, 0x1}, + ciphertext: []byte{0x2b, 0x75, 0x92, 0x7, 0x5e, 0xa4, 0x29, 0x4e, 0x85, 0x3a, 0x70, 0x3c, 0x93, 0xfa, 0x78, 0x36, 0x16}, + }, + { + description: "AES-128/AAD=3/Plaintext=3", + key: []byte{0xe8, 0xe9, 0x96, 0x77, 0x3, 0xaf, 0x66, 0x5e, 0x9f, 0x72, 0x40, 0x7f, 0x4b, 0x3, 0xd4, 0xfd}, + nonce: []byte{0xb4, 0x74, 0xaa, 0xfe, 0x8a, 0xd, 0x3e, 0x5, 0x15, 0xdd, 0x46, 0x50}, + plaintext: []byte{0xcf, 0x51, 0x17}, + aad: []byte{0x2b, 0x81, 0x24}, + ciphertext: []byte{0x31, 0xf3, 0x5, 0x27, 0xbc, 0x3c, 0x84, 0xc1, 0x4b, 0x94, 0x68, 0x5, 0x8, 0x67, 0xe3, 0xb7, 0x36, 0xc5, 0x2}, + }, + { + description: "AES-128/AAD=3/Plaintext=13", + key: []byte{0x8b, 0xcb, 0x7f, 0x96, 0x9e, 0x40, 0xb, 0x6c, 0x5b, 0x12, 0x77, 0x68, 0xb1, 0xc4, 0x12, 0xfa}, + nonce: []byte{0xe9, 0x8c, 0xf5, 0x76, 0x31, 0xcf, 0x37, 0x3, 0x3b, 0x4b, 0x4a, 0xba}, + plaintext: []byte{0x7d, 0x7e, 0xd3, 0x19, 0xba, 0x14, 0x72, 0x49, 0xc9, 0x8, 0xac, 0x70, 0xd1}, + aad: []byte{0xc4, 0x6, 0xda}, + ciphertext: []byte{0x77, 0xc1, 0x30, 0xd9, 0x3, 0x51, 0x4f, 0x8d, 0x3f, 0xd8, 0x2f, 0x52, 0xf1, 0xb0, 0xc9, 0x45, 0x73, 0xc1, 0x46, 0x0, 0x4c, 0xb7, 0xf3, 0xde, 0xb3, 0xe8, 0x82, 0xe8, 0xcf}, + }, + { + description: "AES-128/AAD=3/Plaintext=16", + key: []byte{0xde, 0xe, 0x82, 0x8e, 0xb6, 0xba, 0xd, 0xca, 0xa8, 0x82, 0x85, 0x54, 0x3e, 0x10, 0x21, 0x3c}, + nonce: []byte{0x64, 0x3f, 0xc8, 0x60, 0x3b, 0x58, 0x60, 0x23, 0x66, 0x70, 0xba, 0xbc}, + plaintext: []byte{0xad, 0xb, 0xd7, 0xf4, 0xc4, 0x19, 0xe, 0x32, 0x36, 0x23, 0xa8, 0x68, 0xd1, 0xea, 0xe1, 0x76}, + aad: []byte{0x9f, 0x40, 0xa2}, + ciphertext: []byte{0xea, 0xc6, 0x6e, 0x48, 0x11, 0xec, 0x51, 0xef, 0x4, 0x5c, 0xef, 0xeb, 0xa7, 0x69, 0x68, 0xac, 0x36, 0x2f, 0xbf, 0x4e, 0x4a, 0x95, 0x98, 0x5, 0xc2, 0x6c, 0xcf, 0xa1, 0xef, 0xcd, 0x26, 0x36}, + }, + { + description: "AES-128/AAD=3/Plaintext=51", + key: []byte{0x66, 0x31, 0x43, 0x1b, 0x3b, 0xd5, 0x21, 0x56, 0x5, 0xd2, 0x8, 0x6f, 0xea, 0xd4, 0x99, 0xac}, + nonce: []byte{0x63, 0xa4, 0x65, 0x3d, 0x12, 0x28, 0x3d, 0x56, 0x1, 0x9c, 0x37, 0x95}, + plaintext: []byte{0xa9, 0x8a, 0x12, 0x6d, 0x9, 0xcf, 0xcb, 0xe3, 0x6c, 0xdc, 0xc9, 0x37, 0x88, 0xa5, 0x40, 0x9f, 0x8b, 0x6e, 0x42, 0xc2, 0xdd, 0x83, 0xaa, 0x46, 0x61, 0x18, 0x52, 0xad, 0xb, 0x50, 0x28, 0x77, 0x5c, 0x77, 0x16, 0x90, 0xb6, 0x85, 0x4e, 0x5, 0xb3, 0x77, 0x24, 0x1e, 0x73, 0xa8, 0x83, 0xdd, 0x77, 0xaf, 0xf0}, + aad: []byte{0x30, 0x2c, 0x6d}, + ciphertext: []byte{0x9, 0xcb, 0xde, 0x0, 0xab, 0xe9, 0x13, 0x6d, 0x71, 0xe7, 0x7f, 0x85, 0x8f, 0x52, 0xcb, 0xe4, 0xa1, 0xa3, 0x43, 0xfb, 0xa, 0x16, 0x28, 0xd5, 0x54, 0xea, 0x7d, 0x86, 0x93, 0xe7, 0x36, 0x43, 0x96, 0x18, 0xc4, 0xf7, 0xa, 0x9e, 0x18, 0x15, 0x72, 0x5a, 0x67, 0xc1, 0x80, 0x68, 0x28, 0x91, 0xb0, 0x19, 0x9c, 0xd2, 0xe2, 0x41, 0x7f, 0x8c, 0x3a, 0xf9, 0x59, 0x2c, 0x22, 0x95, 0xda, 0xf1, 0x37, 0x7c, 0x0}, + }, + { + description: "AES-128/AAD=13/Plaintext=0", + key: []byte{0xa8, 0x66, 0x5c, 0x42, 0x34, 0x1d, 0xda, 0x4a, 0xda, 0xea, 0x59, 0x5a, 0xb1, 0x89, 0x5f, 0x96}, + nonce: []byte{0x52, 0x48, 0x9d, 0xd2, 0xce, 0xb4, 0x9c, 0x24, 0x74, 0x30, 0x3c, 0xbb}, + aad: []byte{0x44, 0xc2, 0xb9, 0x43, 0x3, 0xdb, 0x66, 0x2c, 0x9c, 0x66, 0xb8, 0x78, 0x29}, + ciphertext: []byte{0x72, 0x94, 0x34, 0x8d, 0x35, 0x1d, 0xa0, 0x8b, 0xfe, 0xf3, 0xca, 0xe2, 0xc9, 0xfd, 0xfd, 0x6c}, + }, + { + description: "AES-128/AAD=13/Plaintext=1", + key: []byte{0x5, 0x19, 0xf, 0x1e, 0x16, 0x35, 0xb6, 0x3e, 0x34, 0x87, 0x8d, 0x3f, 0x24, 0x6f, 0xad, 0xfc}, + nonce: []byte{0xe3, 0x44, 0xe7, 0x4e, 0xf8, 0x13, 0x9, 0xf, 0x80, 0x30, 0xbc, 0xd5}, + plaintext: []byte{0x25}, + aad: []byte{0xac, 0x10, 0x65, 0x3f, 0xf1, 0x82, 0xe0, 0x1, 0x20, 0xf7, 0xe1, 0xf7, 0x96}, + ciphertext: []byte{0xb, 0xdd, 0x26, 0xe6, 0x98, 0xde, 0x50, 0xdf, 0xbc, 0x17, 0x2d, 0xb3, 0x58, 0x4c, 0xa7, 0xd1, 0xd5}, + }, + { + description: "AES-128/AAD=13/Plaintext=3", + key: []byte{0xfa, 0xf, 0xc1, 0x6b, 0xa7, 0xbb, 0x90, 0xbe, 0x2a, 0x33, 0xe8, 0x7c, 0x3d, 0x60, 0xab, 0x62}, + nonce: []byte{0x84, 0x71, 0xa4, 0x20, 0x83, 0x43, 0x83, 0x66, 0x18, 0x1, 0xbb, 0xb}, + plaintext: []byte{0xfd, 0x8e, 0x6c}, + aad: []byte{0x14, 0x0, 0x71, 0xdb, 0x1e, 0xb2, 0xf7, 0xa1, 0x81, 0x94, 0xf1, 0xa0, 0x45}, + ciphertext: []byte{0x70, 0x40, 0x15, 0x60, 0x5d, 0xd6, 0xd2, 0x43, 0x95, 0xbe, 0x61, 0xff, 0x16, 0x89, 0x84, 0x6, 0x2b, 0x5a, 0x4b}, + }, + { + description: "AES-128/AAD=13/Plaintext=13", + key: []byte{0xa9, 0x4c, 0x7, 0x88, 0x35, 0xc7, 0x5d, 0xff, 0x2f, 0x3e, 0x83, 0x61, 0x80, 0xba, 0xad, 0x9e}, + nonce: []byte{0x95, 0x5d, 0xa8, 0x40, 0xdc, 0x74, 0xc4, 0xdc, 0x24, 0x98, 0xf8, 0xc2}, + plaintext: []byte{0x1, 0xae, 0xc2, 0x54, 0xa0, 0xe3, 0x64, 0x76, 0xb2, 0xee, 0xb1, 0x24, 0xfd}, + aad: []byte{0xc6, 0xaf, 0xc1, 0xb7, 0xd8, 0x9, 0xc5, 0xe0, 0x8b, 0x5e, 0xe, 0x84, 0x5a}, + ciphertext: []byte{0xcc, 0x2c, 0xee, 0x14, 0x68, 0x9b, 0x55, 0x98, 0x30, 0x51, 0x29, 0xc8, 0x10, 0x0, 0xa2, 0xf3, 0xec, 0xf5, 0xda, 0x94, 0x52, 0xf, 0x8e, 0x25, 0xd7, 0xc3, 0xf1, 0x56, 0x2c}, + }, + { + description: "AES-128/AAD=13/Plaintext=16", + key: []byte{0xaf, 0x9b, 0x6c, 0x39, 0x57, 0xe9, 0x5a, 0xb4, 0xaa, 0x8e, 0x10, 0x7c, 0xdb, 0x87, 0x3f, 0x2d}, + nonce: []byte{0xac, 0x52, 0x7f, 0x16, 0xc4, 0xd5, 0xac, 0x87, 0x60, 0x76, 0x8a, 0x71}, + plaintext: []byte{0x5e, 0x46, 0x69, 0xcb, 0x84, 0xc, 0x25, 0x31, 0x7f, 0x9a, 0x36, 0x87, 0x74, 0xe5, 0x6, 0x34}, + aad: []byte{0x1a, 0xfb, 0x46, 0x50, 0x3e, 0x28, 0xe9, 0x2e, 0x51, 0xbd, 0x7f, 0x7d, 0x4b}, + ciphertext: []byte{0x61, 0xba, 0x95, 0x67, 0xe3, 0xc4, 0xb6, 0x1e, 0x48, 0x27, 0x85, 0x2f, 0xf5, 0x65, 0x30, 0xb1, 0x51, 0x32, 0x3b, 0x17, 0x73, 0xf2, 0xbf, 0x5a, 0x13, 0x34, 0x7e, 0xb3, 0x66, 0xa2, 0x53, 0x15}, + }, + { + description: "AES-128/AAD=13/Plaintext=51", + key: []byte{0x53, 0xb9, 0x2, 0x3d, 0x56, 0xf9, 0xb9, 0xec, 0x99, 0x1a, 0xc2, 0xa9, 0xd9, 0xbc, 0x45, 0xff}, + nonce: []byte{0x64, 0xbb, 0x2b, 0xf1, 0x4d, 0x40, 0x51, 0xa7, 0x60, 0x4b, 0x28, 0xba}, + plaintext: []byte{0xd4, 0x4d, 0x98, 0xbf, 0xe3, 0xe, 0x54, 0xeb, 0xc0, 0x7f, 0xa4, 0x5f, 0x62, 0xaa, 0xbe, 0x39, 0x5c, 0xc9, 0x4f, 0xa0, 0xa0, 0xf2, 0x46, 0xb5, 0xd2, 0x8b, 0x2e, 0x3f, 0x6d, 0xeb, 0x29, 0x90, 0x18, 0x70, 0x58, 0xe4, 0xbf, 0xd2, 0xd1, 0x64, 0x6, 0x53, 0xfc, 0x38, 0xa3, 0xb, 0xf, 0x83, 0x23, 0x1a, 0x96}, + aad: []byte{0x5b, 0x41, 0x3b, 0xf, 0x26, 0x92, 0x7e, 0xd, 0x3, 0x2e, 0x83, 0xb, 0x73}, + ciphertext: []byte{0xd5, 0x26, 0x48, 0xc4, 0xcb, 0xb2, 0xa6, 0x34, 0xc4, 0xe7, 0x99, 0x8c, 0x7e, 0xc8, 0x2, 0x96, 0x4a, 0x42, 0x10, 0x25, 0x7f, 0xb8, 0x94, 0x62, 0x69, 0xfd, 0xd6, 0xd1, 0xec, 0xaa, 0x65, 0x14, 0xb0, 0x39, 0x7, 0x23, 0xbd, 0x2f, 0xbb, 0x4e, 0x44, 0xd, 0xf2, 0x61, 0xfe, 0xd8, 0xed, 0x81, 0xe4, 0xf8, 0x58, 0x36, 0x9, 0x1c, 0x67, 0x4f, 0xaf, 0x8a, 0x1b, 0x87, 0xf2, 0x8b, 0x4a, 0x19, 0xb7, 0x4f, 0x37}, + }, + { + description: "AES-128/AAD=30/Plaintext=0", + key: []byte{0x2b, 0xde, 0xb3, 0x9, 0x4c, 0xb1, 0xa5, 0xfa, 0x6d, 0xec, 0x9f, 0x6, 0x37, 0x5e, 0xa2, 0x5f}, + nonce: []byte{0xe5, 0x7c, 0x28, 0x53, 0xea, 0x9, 0x32, 0xa, 0xc8, 0x80, 0x39, 0x76}, + aad: []byte{0xea, 0xca, 0xa0, 0x95, 0xc0, 0x2f, 0x86, 0x9f, 0xd7, 0xdc, 0x31, 0x7, 0x24, 0x75, 0x94, 0xc, 0x37, 0x51, 0xd5, 0x62, 0x83, 0xc4, 0x9e, 0x2f, 0xef, 0xd4, 0x1d, 0xf6, 0x76, 0xbd}, + ciphertext: []byte{0xfb, 0xe4, 0xc6, 0xa0, 0x7, 0x97, 0x70, 0x86, 0x63, 0x4e, 0x98, 0xfb, 0x2, 0xed, 0xd4, 0xb2}, + }, + { + description: "AES-128/AAD=30/Plaintext=1", + key: []byte{0xcb, 0x58, 0x55, 0xa0, 0x47, 0xe, 0xfd, 0x2d, 0xab, 0x7a, 0x72, 0xcc, 0x5e, 0x5f, 0x39, 0xff}, + nonce: []byte{0x7e, 0xea, 0xf, 0x43, 0x3a, 0x9f, 0xe7, 0xb6, 0xa6, 0x75, 0xbc, 0x2a}, + plaintext: []byte{0xc5}, + aad: []byte{0xc, 0xd2, 0x18, 0xc0, 0x9, 0xe2, 0x1f, 0x91, 0xf, 0x9d, 0xdb, 0x9, 0xa0, 0xd0, 0x59, 0xc4, 0xcd, 0x7d, 0x2c, 0xa6, 0x5a, 0x23, 0x49, 0xdf, 0x7a, 0x86, 0x7d, 0xbe, 0xdd, 0x81}, + ciphertext: []byte{0x15, 0x97, 0x60, 0x60, 0x12, 0xb4, 0x2b, 0xde, 0x2f, 0xd3, 0x23, 0xb6, 0x18, 0x6d, 0xfa, 0x4f, 0x5c}, + }, + { + description: "AES-128/AAD=30/Plaintext=3", + key: []byte{0xe9, 0xd4, 0x89, 0x16, 0x19, 0xc8, 0x3c, 0x42, 0x89, 0x5c, 0xe1, 0xb6, 0x71, 0xcb, 0x7a, 0x4b}, + nonce: []byte{0xca, 0xed, 0x91, 0x30, 0xab, 0x1d, 0xd4, 0xcc, 0x2d, 0x81, 0x47, 0xa1}, + plaintext: []byte{0x59, 0x50, 0x56}, + aad: []byte{0xb5, 0x5f, 0x92, 0xa3, 0x55, 0xdb, 0x76, 0x5a, 0xdc, 0x8d, 0x3d, 0xf8, 0x8e, 0xb9, 0x3d, 0x52, 0x7f, 0x7f, 0x7e, 0xc8, 0x69, 0xa7, 0x57, 0x3, 0xba, 0x86, 0xd4, 0xb3, 0x61, 0x10}, + ciphertext: []byte{0x20, 0x61, 0xb9, 0x3, 0x46, 0x50, 0xb6, 0x46, 0x85, 0xd3, 0x3b, 0xa5, 0xa6, 0x76, 0xc4, 0x96, 0xe4, 0x7, 0x16}, + }, + { + description: "AES-128/AAD=30/Plaintext=13", + key: []byte{0xe9, 0xa0, 0x44, 0x59, 0x3c, 0x96, 0x68, 0x15, 0xd1, 0x53, 0x66, 0x53, 0x87, 0xdc, 0x38, 0xe5}, + nonce: []byte{0x7, 0xe7, 0x45, 0x8d, 0xf3, 0xe6, 0xb0, 0xf0, 0x40, 0x35, 0xef, 0x94}, + plaintext: []byte{0x19, 0x88, 0x3e, 0x3, 0xc0, 0x8e, 0x2d, 0x75, 0x3b, 0x8, 0xc9, 0x9, 0xa}, + aad: []byte{0xab, 0xf1, 0x75, 0xfd, 0xb6, 0x3e, 0x8c, 0xf9, 0xa5, 0xf0, 0x78, 0x37, 0x4, 0xc7, 0x41, 0xc1, 0x95, 0x15, 0x76, 0x26, 0x40, 0x1d, 0x94, 0x9e, 0xaa, 0x6d, 0xbd, 0x4, 0xd7, 0xad}, + ciphertext: []byte{0x3c, 0x76, 0x67, 0xee, 0xae, 0xa, 0x32, 0x57, 0x62, 0xd5, 0xcc, 0xb9, 0x4c, 0xe7, 0x42, 0x77, 0x2a, 0x4b, 0x7d, 0x3, 0x17, 0x17, 0xe1, 0x63, 0x75, 0x46, 0x1f, 0x50, 0xe3}, + }, + { + description: "AES-128/AAD=30/Plaintext=16", + key: []byte{0xe5, 0x74, 0x9e, 0xab, 0x54, 0x70, 0xbf, 0x5e, 0x9c, 0x18, 0xcc, 0x79, 0xdd, 0xa4, 0xe1, 0x2e}, + nonce: []byte{0xfe, 0x56, 0x4e, 0xcb, 0x8a, 0x40, 0x19, 0xe1, 0xc4, 0x1f, 0x2d, 0x82}, + plaintext: []byte{0x17, 0xc0, 0xc3, 0xa4, 0x37, 0x12, 0xae, 0x22, 0x6f, 0xce, 0x77, 0x66, 0x31, 0xae, 0x19, 0xb3}, + aad: []byte{0x26, 0xa4, 0x11, 0xa2, 0x84, 0x74, 0x1b, 0xe0, 0x1f, 0xb4, 0xf3, 0xae, 0xfc, 0x5d, 0xef, 0x96, 0x8e, 0xb6, 0xcc, 0xeb, 0x86, 0x4, 0x86, 0x4b, 0x4b, 0x9a, 0xd3, 0x73, 0xcb, 0xac}, + ciphertext: []byte{0xec, 0x67, 0x53, 0x45, 0x87, 0x5d, 0xf5, 0x8c, 0x71, 0xd, 0x4, 0xb6, 0x2, 0x16, 0xc2, 0xc1, 0xb4, 0x8e, 0x68, 0xda, 0x2e, 0x9a, 0x66, 0x31, 0xcf, 0xe1, 0x90, 0x9a, 0xe7, 0xa7, 0x9e, 0xe5}, + }, + { + description: "AES-128/AAD=30/Plaintext=51", + key: []byte{0x10, 0xea, 0x7e, 0x66, 0x5b, 0x29, 0x4a, 0x8a, 0x79, 0x6, 0x91, 0xaa, 0x52, 0x46, 0xe6, 0xff}, + nonce: []byte{0x8f, 0xd0, 0xb7, 0xfb, 0x9b, 0x9a, 0x6a, 0x95, 0x8e, 0xbf, 0x28, 0xec}, + plaintext: []byte{0x5e, 0x8f, 0xaa, 0x63, 0x4a, 0x75, 0x2a, 0xc9, 0x71, 0xc0, 0xbc, 0xc, 0x63, 0x70, 0x4, 0xce, 0xe2, 0x62, 0xce, 0xf1, 0x2e, 0x7c, 0xf6, 0xd9, 0xcd, 0x77, 0x72, 0x51, 0x3d, 0xbd, 0x46, 0x61, 0x76, 0xa0, 0x7a, 0xb7, 0xc4, 0xf4, 0x65, 0xfe, 0x9, 0x74, 0x77, 0x79, 0xc3, 0x14, 0x95, 0xe6, 0x89, 0xb6, 0x5f}, + aad: []byte{0x55, 0x7b, 0xa, 0x4a, 0xf6, 0x53, 0x58, 0x80, 0xb8, 0x25, 0x53, 0xd1, 0x26, 0xff, 0x72, 0x13, 0x54, 0x29, 0x5, 0x5a, 0x64, 0x74, 0x95, 0x99, 0x33, 0x3e, 0x96, 0x55, 0xb4, 0x3a}, + ciphertext: []byte{0x81, 0xa8, 0x96, 0xf3, 0xc6, 0xd5, 0xf, 0x42, 0x27, 0x23, 0x88, 0x6b, 0xc5, 0x5b, 0x3d, 0x1, 0x29, 0xe1, 0x69, 0x29, 0xc8, 0x29, 0xed, 0x95, 0x29, 0xc3, 0xf1, 0x95, 0x2, 0xd3, 0x49, 0x61, 0x20, 0xf1, 0x1a, 0xc0, 0x31, 0x35, 0x20, 0xac, 0xd7, 0xba, 0x36, 0x18, 0x98, 0x96, 0x9c, 0xf, 0x95, 0xf5, 0xed, 0x1a, 0xaa, 0x4f, 0x6a, 0xb5, 0x4, 0xae, 0x4a, 0xd0, 0x36, 0x9f, 0xd4, 0x90, 0xb9, 0xc9, 0xb9}, + }, + { + description: "AES-192/AAD=0/Plaintext=1", + key: []byte{0xa3, 0x67, 0x28, 0xbb, 0x63, 0xbd, 0x28, 0x64, 0x27, 0x44, 0x1b, 0xaa, 0x9f, 0x30, 0x5d, 0x5c, 0x25, 0xe0, 0x52, 0x29, 0xbb, 0x33, 0x2f, 0x7e}, + nonce: []byte{0x83, 0x75, 0xb7, 0xc4, 0x5e, 0x1e, 0xa0, 0x46, 0x1d, 0x33, 0x3c, 0x3c}, + plaintext: []byte{0x72}, + ciphertext: []byte{0xbc, 0xa5, 0xa3, 0x68, 0xfa, 0xdb, 0x26, 0x26, 0xea, 0x81, 0x74, 0xa8, 0x88, 0x1e, 0xa4, 0xe1, 0xe2}, + }, + { + description: "AES-192/AAD=0/Plaintext=3", + key: []byte{0x5f, 0x74, 0x67, 0xb4, 0x41, 0xb7, 0xd0, 0xf5, 0xe8, 0x2, 0x42, 0xb7, 0xa4, 0xa1, 0x8e, 0xda, 0xe8, 0x7a, 0xf2, 0x62, 0xa1, 0xd, 0x33, 0xfc}, + nonce: []byte{0xd, 0x7d, 0x9a, 0xa, 0x46, 0x34, 0xf0, 0x7b, 0xea, 0x5c, 0x5a, 0x0}, + plaintext: []byte{0x21, 0x2f, 0xbc}, + ciphertext: []byte{0xa2, 0xd6, 0xad, 0x32, 0x96, 0xc0, 0xc5, 0x98, 0x8e, 0x5d, 0x4d, 0xfd, 0xa3, 0x12, 0x1e, 0xb6, 0x8b, 0x80, 0xfc}, + }, + { + description: "AES-192/AAD=0/Plaintext=13", + key: []byte{0x59, 0x1b, 0xdd, 0xfe, 0xbb, 0x94, 0x33, 0x4f, 0x4a, 0x2d, 0x92, 0x86, 0x73, 0xd2, 0x62, 0xad, 0xab, 0xaa, 0x82, 0x98, 0x3b, 0x94, 0x96, 0x5f}, + nonce: []byte{0x55, 0xcb, 0x92, 0x8c, 0x68, 0x3f, 0x47, 0x42, 0xc1, 0x20, 0x99, 0xb7}, + plaintext: []byte{0x32, 0xbd, 0x3, 0x63, 0x9c, 0x19, 0x79, 0x75, 0x2d, 0x83, 0x75, 0x18, 0x24}, + ciphertext: []byte{0x6a, 0x6d, 0x86, 0x70, 0xe, 0x5d, 0xee, 0x1a, 0xe7, 0x69, 0x9e, 0xf2, 0x9c, 0xcc, 0xb5, 0x6e, 0x3e, 0x26, 0x83, 0x4a, 0xb6, 0xe, 0xce, 0x51, 0xd, 0xa3, 0x39, 0x70, 0x9}, + }, + { + description: "AES-192/AAD=0/Plaintext=16", + key: []byte{0x3b, 0x74, 0xd6, 0x73, 0x1, 0x24, 0x5e, 0xfe, 0x56, 0x61, 0xea, 0xa0, 0x42, 0x89, 0x17, 0xf5, 0x5a, 0x58, 0xcc, 0x33, 0xdb, 0x28, 0x4d, 0x1f}, + nonce: []byte{0x2c, 0xaa, 0x5, 0xf1, 0xfd, 0x7b, 0x66, 0x2, 0x98, 0xf, 0x6, 0xd1}, + plaintext: []byte{0x7, 0x23, 0xb, 0xf3, 0x10, 0xb4, 0x8c, 0xf6, 0x29, 0x42, 0x1, 0x7d, 0xd6, 0x68, 0xe, 0xb3}, + ciphertext: []byte{0x2, 0xef, 0x3d, 0xfd, 0x20, 0x66, 0x6f, 0xfd, 0x2, 0x82, 0x91, 0xcb, 0x5c, 0x38, 0x45, 0xf, 0xf4, 0xd4, 0xd3, 0x5a, 0x69, 0xc3, 0x81, 0xb5, 0x68, 0x25, 0xb, 0x13, 0x89, 0x1b, 0xf4, 0x39}, + }, + { + description: "AES-192/AAD=0/Plaintext=51", + key: []byte{0xab, 0x13, 0x31, 0xe, 0xca, 0x15, 0x81, 0xaf, 0xb3, 0xc5, 0xb6, 0x19, 0xe5, 0xce, 0x6, 0x82, 0xd0, 0xdf, 0xc1, 0xfa, 0xde, 0x39, 0x28, 0x17}, + nonce: []byte{0x9a, 0x9d, 0xc2, 0x8c, 0xd1, 0x70, 0xb5, 0xb5, 0x54, 0x4e, 0x7f, 0x9b}, + plaintext: []byte{0x63, 0xb8, 0x3d, 0xa3, 0x74, 0xaf, 0xa2, 0x8e, 0x14, 0x78, 0xdc, 0x5c, 0x29, 0x97, 0xa9, 0x83, 0x47, 0xec, 0x1e, 0x71, 0x51, 0x4e, 0xb2, 0x68, 0x22, 0x16, 0x2d, 0xc7, 0xc3, 0x99, 0x2f, 0xd4, 0x1f, 0xb, 0x2c, 0xcc, 0x26, 0xe5, 0x5e, 0x7b, 0xd8, 0xf3, 0xfa, 0x37, 0x21, 0x5f, 0x77, 0x4b, 0x52, 0x16, 0xb5}, + ciphertext: []byte{0x20, 0xb, 0x5, 0xa7, 0x2, 0xcd, 0x96, 0x9b, 0x58, 0xea, 0xdc, 0xee, 0xdc, 0xb9, 0x5f, 0xe2, 0xa9, 0x5d, 0x15, 0x6c, 0x82, 0x94, 0x55, 0xc6, 0x39, 0x76, 0xbf, 0xdd, 0x2, 0x24, 0x34, 0xa7, 0x6d, 0x16, 0x26, 0x6b, 0x89, 0x8d, 0x6d, 0x37, 0xd2, 0xfa, 0x2d, 0x3b, 0xfa, 0xe7, 0x5e, 0x13, 0xe4, 0x5f, 0xe9, 0x3b, 0x6f, 0x79, 0x55, 0x71, 0xb2, 0x25, 0x48, 0xc9, 0xef, 0xfe, 0x79, 0xe4, 0x36, 0xab, 0x39}, + }, + { + description: "AES-192/AAD=1/Plaintext=0", + key: []byte{0xb8, 0x72, 0xb6, 0xc2, 0x38, 0x8d, 0xd9, 0x50, 0x16, 0xe, 0x3f, 0xfa, 0x3b, 0xf0, 0x62, 0x3c, 0x43, 0x86, 0x55, 0xbb, 0x5c, 0x8c, 0x76, 0x8a}, + nonce: []byte{0xb3, 0x3a, 0xe2, 0xee, 0x39, 0x21, 0x86, 0x74, 0x0, 0x86, 0x65, 0xe2}, + aad: []byte{0xa}, + ciphertext: []byte{0x1d, 0xce, 0x89, 0x86, 0x60, 0x13, 0xf, 0xd1, 0xe8, 0x2c, 0xba, 0xaa, 0xd5, 0x5, 0x5b, 0x30}, + }, + { + description: "AES-192/AAD=1/Plaintext=1", + key: []byte{0x3a, 0xcd, 0xf8, 0x4a, 0xbe, 0xf3, 0x5c, 0xab, 0xcc, 0x48, 0x91, 0x58, 0xc0, 0x85, 0x3f, 0xd5, 0xbf, 0xa9, 0x54, 0x22, 0x61, 0x39, 0xfc, 0x44}, + nonce: []byte{0xc4, 0xf5, 0x6, 0x6e, 0x51, 0xdb, 0x72, 0xb7, 0x33, 0xe9, 0xff, 0xb1}, + plaintext: []byte{0x7c}, + aad: []byte{0xbf}, + ciphertext: []byte{0x63, 0xc3, 0x7b, 0xc4, 0xc, 0x19, 0x3e, 0x6e, 0xc2, 0xcf, 0x39, 0x6f, 0x56, 0x8b, 0xe9, 0x78, 0x56}, + }, + { + description: "AES-192/AAD=1/Plaintext=3", + key: []byte{0x9e, 0x65, 0x49, 0x6c, 0x7, 0xd7, 0x89, 0x67, 0x37, 0xcd, 0x90, 0x78, 0x1c, 0xb7, 0x72, 0x65, 0x2, 0xc8, 0x41, 0x72, 0xca, 0x59, 0x68, 0xff}, + nonce: []byte{0xc9, 0xbd, 0xd0, 0x48, 0xe, 0x7c, 0xe6, 0xe2, 0x5f, 0x7d, 0xb, 0x80}, + plaintext: []byte{0xbe, 0x87, 0x42}, + aad: []byte{0x93}, + ciphertext: []byte{0x1e, 0xca, 0x5f, 0xe7, 0x70, 0xce, 0xa6, 0xaf, 0x13, 0x5e, 0x5c, 0xf2, 0xcb, 0xc2, 0xfe, 0xd7, 0xae, 0x36, 0xc8}, + }, + { + description: "AES-192/AAD=1/Plaintext=13", + key: []byte{0x18, 0xc8, 0x50, 0x38, 0x67, 0x9b, 0xa0, 0x65, 0xbc, 0x9f, 0xdf, 0xfa, 0xe3, 0xfa, 0x84, 0x86, 0xfc, 0xef, 0xdd, 0x82, 0xce, 0x9, 0xaf, 0x9e}, + nonce: []byte{0xa5, 0xa6, 0x48, 0x87, 0xe0, 0x6b, 0xa7, 0x67, 0x40, 0x3d, 0xb, 0x78}, + plaintext: []byte{0x8a, 0xb0, 0xae, 0x9e, 0x23, 0xc1, 0xf7, 0x89, 0x1f, 0x8c, 0x0, 0x7, 0xd}, + aad: []byte{0x4e}, + ciphertext: []byte{0x82, 0xc1, 0xaa, 0xa9, 0x25, 0x54, 0x11, 0x6d, 0xda, 0x92, 0xea, 0x1b, 0x11, 0x8c, 0x1a, 0x99, 0xe2, 0x1, 0x71, 0x1, 0x5, 0x87, 0x2d, 0xcf, 0xa2, 0xca, 0xc6, 0xc7, 0xf6}, + }, + { + description: "AES-192/AAD=1/Plaintext=16", + key: []byte{0xf5, 0x41, 0x6b, 0xf1, 0xd5, 0x98, 0xac, 0x5e, 0xb5, 0x39, 0xf1, 0x13, 0x97, 0xf0, 0x67, 0xeb, 0xd1, 0xe4, 0x91, 0xd5, 0xfc, 0xf6, 0x1a, 0xb5}, + nonce: []byte{0xee, 0x2a, 0xb8, 0x2f, 0xb7, 0x77, 0xad, 0x53, 0x8c, 0xfc, 0x11, 0x7c}, + plaintext: []byte{0x3c, 0x50, 0xd2, 0xb3, 0xf9, 0x14, 0x3d, 0x55, 0x77, 0xc, 0x85, 0x73, 0x37, 0x8f, 0x2b, 0xa3}, + aad: []byte{0x43}, + ciphertext: []byte{0x31, 0x75, 0xaf, 0x19, 0x24, 0xb8, 0xb3, 0x17, 0x9e, 0x3, 0xf8, 0xc0, 0x14, 0xff, 0x96, 0x19, 0x4a, 0x4a, 0x18, 0xc, 0xd7, 0x22, 0x5c, 0xf6, 0x31, 0x10, 0xee, 0x16, 0x5c, 0x7a, 0xb2, 0xd7}, + }, + { + description: "AES-192/AAD=1/Plaintext=51", + key: []byte{0x84, 0xcc, 0x13, 0xdc, 0x1c, 0x2b, 0x3c, 0x93, 0xa3, 0x4b, 0xbb, 0x70, 0xdb, 0x68, 0x29, 0xf2, 0xc5, 0x8b, 0xed, 0x1c, 0x7c, 0xf8, 0xf7, 0xa2}, + nonce: []byte{0xba, 0x41, 0xa, 0x70, 0xd0, 0xad, 0x49, 0x6, 0x3, 0x55, 0xb9, 0xde}, + plaintext: []byte{0xb9, 0x70, 0x12, 0x34, 0x56, 0x3, 0xd9, 0xd0, 0xd1, 0xdc, 0xb0, 0xde, 0x9f, 0xcc, 0xd2, 0x20, 0x13, 0x6b, 0x63, 0xa3, 0x31, 0x62, 0x6, 0xe6, 0x88, 0x39, 0x80, 0x2b, 0xa7, 0xc3, 0xc, 0xa3, 0xf8, 0xdd, 0x6a, 0x5b, 0x8f, 0xc3, 0xba, 0x16, 0xe, 0x91, 0x83, 0x80, 0x57, 0xa8, 0x5a, 0x47, 0x9, 0x53, 0x30}, + aad: []byte{0xf8}, + ciphertext: []byte{0xf7, 0x6f, 0x54, 0x70, 0xe7, 0xa9, 0xb5, 0x8c, 0x36, 0x97, 0x46, 0x8b, 0x48, 0x48, 0x10, 0x88, 0x48, 0xe1, 0x52, 0x7f, 0x59, 0xab, 0x28, 0xee, 0x58, 0xe6, 0xf2, 0x1f, 0xda, 0xe6, 0x1d, 0x45, 0x8e, 0x3b, 0x70, 0x2e, 0xdf, 0x15, 0xf1, 0x93, 0x90, 0x8c, 0xe5, 0x10, 0x9c, 0x98, 0x7d, 0x12, 0x34, 0xd4, 0xc7, 0x13, 0x69, 0x80, 0x9, 0x36, 0xc8, 0x58, 0x45, 0x90, 0xeb, 0xc3, 0x3a, 0x19, 0x59, 0x56, 0x38}, + }, + { + description: "AES-192/AAD=3/Plaintext=0", + key: []byte{0x82, 0xe6, 0x4d, 0xbb, 0x12, 0x80, 0xc, 0x53, 0xef, 0x6d, 0xbe, 0x2e, 0x85, 0x2c, 0xe6, 0xb, 0xbb, 0x9, 0xc4, 0x2e, 0x5c, 0x58, 0xa9, 0xf6}, + nonce: []byte{0x2c, 0x59, 0x4, 0xd6, 0x5f, 0xbc, 0xb0, 0xa3, 0x58, 0xd6, 0xe1, 0x32}, + aad: []byte{0xe7, 0x7d, 0xd9}, + ciphertext: []byte{0xe1, 0xe5, 0x1e, 0x3b, 0xbe, 0x4a, 0x15, 0xfd, 0xf0, 0x4f, 0xaf, 0xac, 0x41, 0x7e, 0xf6, 0x41}, + }, + { + description: "AES-192/AAD=3/Plaintext=1", + key: []byte{0xb7, 0xb9, 0x89, 0x3e, 0x86, 0x4e, 0x6d, 0xac, 0x1a, 0xac, 0xb8, 0x87, 0xbd, 0x3, 0x1, 0xe8, 0xa3, 0x91, 0x3a, 0xac, 0x74, 0x25, 0xd2, 0xd9}, + nonce: []byte{0xa6, 0xf6, 0xee, 0x2b, 0x54, 0x93, 0xac, 0xb0, 0x39, 0xac, 0x28, 0x45}, + plaintext: []byte{0xeb}, + aad: []byte{0xe, 0xfa, 0x2e}, + ciphertext: []byte{0xd0, 0x78, 0x8e, 0x68, 0x50, 0xcc, 0x50, 0xbd, 0xc7, 0x64, 0x3c, 0x83, 0xd8, 0xca, 0xf3, 0xea, 0x4c}, + }, + { + description: "AES-192/AAD=3/Plaintext=3", + key: []byte{0xdd, 0xa, 0x3c, 0xf9, 0x6b, 0xa9, 0x7a, 0xd7, 0x1d, 0xae, 0x0, 0x55, 0x60, 0xab, 0xa2, 0xa2, 0x0, 0x7a, 0xf, 0xa0, 0x48, 0x63, 0xcb, 0x69}, + nonce: []byte{0x46, 0x9f, 0x94, 0xa3, 0x6e, 0x89, 0x1e, 0x39, 0xad, 0xcb, 0xcc, 0x9b}, + plaintext: []byte{0x5e, 0x34, 0xca}, + aad: []byte{0x28, 0x13, 0xd1}, + ciphertext: []byte{0x18, 0x16, 0x8c, 0x72, 0x9d, 0xa7, 0x53, 0x9b, 0xe2, 0x1, 0x30, 0x32, 0x45, 0x2f, 0xe0, 0xe1, 0xb4, 0x10, 0xb3}, + }, + { + description: "AES-192/AAD=3/Plaintext=13", + key: []byte{0xd7, 0x43, 0x5a, 0xc8, 0xfc, 0xac, 0x76, 0xa8, 0x96, 0x54, 0x3c, 0x7d, 0xcd, 0x6e, 0xd0, 0x46, 0x1, 0x1f, 0x33, 0xb, 0xcc, 0xe8, 0x48, 0xd}, + nonce: []byte{0x34, 0x26, 0x8e, 0x67, 0x24, 0x2, 0x71, 0xe3, 0x4d, 0xd9, 0x13, 0xd5}, + plaintext: []byte{0xfd, 0xe1, 0x64, 0xa1, 0xe0, 0x14, 0xc9, 0x17, 0xde, 0x8b, 0xd4, 0x71, 0xb8}, + aad: []byte{0xe7, 0xb, 0x77}, + ciphertext: []byte{0x38, 0xfd, 0x37, 0xa8, 0x69, 0x8b, 0x2b, 0x25, 0xf5, 0x3a, 0x83, 0x70, 0xa9, 0x85, 0xe4, 0xf2, 0xd9, 0x9d, 0x33, 0xa3, 0x95, 0x6d, 0xc2, 0xcd, 0x62, 0xc5, 0x88, 0x18, 0x1f}, + }, + { + description: "AES-192/AAD=3/Plaintext=16", + key: []byte{0x77, 0xb, 0x5, 0x68, 0x2, 0x32, 0x6b, 0x38, 0x3f, 0x6e, 0x3a, 0x11, 0x5e, 0xc9, 0x5c, 0xb3, 0x1, 0xc7, 0x79, 0x32, 0x1d, 0x39, 0x1a, 0x14}, + nonce: []byte{0x30, 0xda, 0x52, 0x8d, 0x2c, 0xf0, 0x3b, 0x70, 0x6f, 0x9d, 0x12, 0x54}, + plaintext: []byte{0x96, 0x90, 0x9b, 0xa8, 0xee, 0x78, 0x4, 0xc1, 0x98, 0x4c, 0x2c, 0x43, 0xb6, 0x89, 0xb5, 0x33}, + aad: []byte{0xdd, 0xc6, 0x87}, + ciphertext: []byte{0xe6, 0xab, 0x73, 0xd, 0x94, 0x77, 0x1e, 0x6f, 0x43, 0xe9, 0x3e, 0xf7, 0x43, 0x20, 0x31, 0x64, 0xb, 0x4d, 0x13, 0x6, 0x16, 0x67, 0xcd, 0xdf, 0x54, 0xb9, 0x61, 0xf1, 0x49, 0xdf, 0xd2, 0xb0}, + }, + { + description: "AES-192/AAD=3/Plaintext=51", + key: []byte{0x56, 0x5a, 0xf5, 0x69, 0xfc, 0x67, 0x37, 0x9e, 0xac, 0xb2, 0x46, 0x39, 0xec, 0x7a, 0x77, 0x2a, 0x17, 0x4e, 0x20, 0x59, 0x8f, 0x67, 0xbc, 0xb5}, + nonce: []byte{0xeb, 0x66, 0x6e, 0xef, 0xcd, 0xe0, 0xca, 0x87, 0x27, 0xad, 0xfa, 0xb2}, + plaintext: []byte{0x57, 0x42, 0x8a, 0x8f, 0x32, 0xa8, 0xcb, 0x84, 0x6c, 0xff, 0xe5, 0x3a, 0x2d, 0xe1, 0x35, 0xb4, 0xfe, 0x2f, 0xd, 0x69, 0x5e, 0x2b, 0xc6, 0xe7, 0x7, 0xc0, 0xaf, 0x69, 0x17, 0x88, 0x10, 0xca, 0x79, 0xf4, 0x2e, 0x78, 0x40, 0x21, 0x4c, 0x78, 0x46, 0x6, 0xab, 0x9b, 0x5f, 0x21, 0xf3, 0x4e, 0x9d, 0xae, 0x83}, + aad: []byte{0x5a, 0x3f, 0xa8}, + ciphertext: []byte{0xda, 0x26, 0x1d, 0xa, 0xf, 0xb3, 0x21, 0x23, 0x68, 0x5a, 0x23, 0x19, 0xa, 0x76, 0x3, 0x48, 0xda, 0xdb, 0xd1, 0x69, 0x29, 0xa4, 0xb2, 0x7c, 0x26, 0xba, 0x18, 0x3f, 0x8, 0x22, 0x96, 0xf2, 0x58, 0x93, 0xea, 0x9a, 0xa1, 0x36, 0x7f, 0x22, 0x5c, 0x43, 0x1a, 0x7d, 0xf, 0x53, 0x41, 0x4e, 0x1f, 0x6c, 0x6b, 0x11, 0xea, 0x26, 0xf7, 0xcf, 0x7a, 0xa, 0xd3, 0x12, 0x51, 0x12, 0x9c, 0x7f, 0xfd, 0x2a, 0x47}, + }, + { + description: "AES-192/AAD=13/Plaintext=0", + key: []byte{0x1, 0xf0, 0x7b, 0xe9, 0x8c, 0x92, 0x27, 0x3e, 0xc6, 0x44, 0x7f, 0x57, 0xe7, 0x89, 0x18, 0x72, 0x5f, 0x2f, 0x58, 0xfd, 0x9d, 0x4, 0x7, 0x14}, + nonce: []byte{0x4c, 0xce, 0x2a, 0x5e, 0x7d, 0x6b, 0x7a, 0xae, 0x1b, 0x9c, 0x50, 0x67}, + aad: []byte{0x89, 0xe, 0x5, 0x74, 0x6f, 0x53, 0xf5, 0x67, 0xd4, 0x56, 0x6c, 0x41, 0xdb}, + ciphertext: []byte{0xb7, 0x38, 0xf0, 0x2d, 0x89, 0x32, 0x3c, 0x6d, 0x98, 0x8, 0xe1, 0x2f, 0xb1, 0xf6, 0x76, 0xcb}, + }, + { + description: "AES-192/AAD=13/Plaintext=1", + key: []byte{0xc1, 0x3a, 0x9, 0x32, 0x88, 0xf5, 0xd0, 0xe6, 0x0, 0x1d, 0x70, 0x90, 0x6d, 0x80, 0x78, 0x9e, 0x6b, 0x3a, 0xf6, 0x65, 0xa9, 0x12, 0xb8, 0xfb}, + nonce: []byte{0xbf, 0x78, 0xf6, 0x86, 0x1d, 0x6d, 0xb4, 0x38, 0x67, 0x97, 0x23, 0xf3}, + plaintext: []byte{0xf1}, + aad: []byte{0xc5, 0x73, 0x1e, 0xfe, 0x68, 0xce, 0x19, 0x43, 0xd3, 0xbd, 0x8b, 0xe3, 0x8}, + ciphertext: []byte{0xb3, 0xdb, 0x17, 0xa7, 0x66, 0xb6, 0xc9, 0xe, 0xd9, 0xaf, 0x5, 0xf6, 0x15, 0x60, 0x97, 0xb8, 0xd6}, + }, + { + description: "AES-192/AAD=13/Plaintext=3", + key: []byte{0xac, 0xd4, 0x44, 0x30, 0xf6, 0x7d, 0xfb, 0x6a, 0xfd, 0xf5, 0x22, 0x7b, 0x8f, 0xf1, 0xd, 0x87, 0xcf, 0x7e, 0xeb, 0xe, 0xbc, 0x3, 0x1d, 0xf9}, + nonce: []byte{0x1c, 0xbc, 0x45, 0xad, 0xc6, 0x67, 0x7a, 0x97, 0x31, 0x11, 0x2b, 0x6a}, + plaintext: []byte{0xe9, 0x85, 0xe0}, + aad: []byte{0xc5, 0x46, 0xd0, 0xa3, 0x8d, 0xe1, 0x3d, 0x7e, 0x70, 0x9e, 0x31, 0x28, 0x89}, + ciphertext: []byte{0xe, 0x39, 0x8b, 0x69, 0x43, 0xc2, 0x3c, 0x53, 0x2, 0x6f, 0xfa, 0x14, 0xd, 0x31, 0x47, 0xf3, 0xdf, 0x65, 0xf1}, + }, + { + description: "AES-192/AAD=13/Plaintext=13", + key: []byte{0x89, 0xc7, 0x6c, 0xbd, 0x90, 0xd2, 0x68, 0xb3, 0x35, 0xf0, 0xd2, 0x41, 0xf7, 0x6f, 0x40, 0x4b, 0x54, 0x7d, 0xc4, 0x5e, 0x3d, 0x60, 0xe4, 0xa1}, + nonce: []byte{0x5c, 0x0, 0x6e, 0x4e, 0x4b, 0x86, 0x26, 0x6a, 0x60, 0x95, 0x29, 0x88}, + plaintext: []byte{0xf6, 0xb1, 0x4f, 0xde, 0x11, 0x92, 0x9e, 0xe5, 0x9b, 0x20, 0x53, 0xcf, 0x56}, + aad: []byte{0x4, 0xdf, 0x9, 0x68, 0x66, 0x34, 0xf2, 0x36, 0xac, 0x14, 0x16, 0x26, 0x64}, + ciphertext: []byte{0x14, 0xc9, 0xd6, 0x5e, 0xee, 0x10, 0xe0, 0xbb, 0x67, 0x55, 0x44, 0x1a, 0x34, 0x75, 0xbb, 0xa8, 0xaf, 0xbe, 0x21, 0xd1, 0x56, 0xaf, 0x3e, 0x14, 0x4f, 0x42, 0xad, 0x4f, 0x5d}, + }, + { + description: "AES-192/AAD=13/Plaintext=16", + key: []byte{0xb, 0xe0, 0x9d, 0x4c, 0xf9, 0xa7, 0xb6, 0xc9, 0x30, 0x27, 0x95, 0x6a, 0xef, 0xef, 0x5b, 0x62, 0x9e, 0xcc, 0xba, 0x75, 0x97, 0xb2, 0x6f, 0xe2}, + nonce: []byte{0x8e, 0xc0, 0xae, 0xa3, 0xf4, 0x32, 0xd5, 0x26, 0x2, 0x3a, 0xb1, 0x62}, + plaintext: []byte{0x89, 0x0, 0xd6, 0x59, 0xe0, 0x49, 0x45, 0x16, 0x46, 0xba, 0xfb, 0xbc, 0x6d, 0x14, 0x73, 0x84}, + aad: []byte{0x91, 0x8, 0xf9, 0xa3, 0xd4, 0x3a, 0x8b, 0xf, 0xb7, 0x26, 0x5f, 0x6f, 0xd}, + ciphertext: []byte{0xbf, 0x3, 0x97, 0x51, 0xfe, 0x77, 0x9c, 0x3a, 0xa2, 0x6d, 0x27, 0x4e, 0x35, 0x42, 0xfc, 0x25, 0x89, 0xff, 0xb9, 0x27, 0x37, 0xdd, 0x9b, 0x50, 0x9, 0xbb, 0xd0, 0x72, 0xfc, 0xc2, 0x66, 0x90}, + }, + { + description: "AES-192/AAD=13/Plaintext=51", + key: []byte{0xd4, 0x58, 0x7f, 0x58, 0x90, 0x1b, 0xb4, 0xa3, 0x5e, 0x3c, 0x5c, 0xc8, 0x58, 0x1f, 0xb8, 0x2b, 0x1b, 0xa1, 0x4a, 0xaf, 0x11, 0xaa, 0x4c, 0x38}, + nonce: []byte{0x43, 0xb3, 0x6c, 0xa9, 0x13, 0xa7, 0xb8, 0x68, 0x37, 0x97, 0xed, 0xa5}, + plaintext: []byte{0xb6, 0x90, 0x14, 0x7e, 0x6f, 0xe5, 0x7d, 0x6f, 0x8f, 0x5, 0xbd, 0x25, 0x2e, 0xc2, 0xe1, 0xcf, 0x28, 0x1d, 0x4f, 0x89, 0x75, 0xdc, 0xff, 0x21, 0xaf, 0xe4, 0x11, 0x99, 0x97, 0x79, 0x6a, 0x88, 0x3f, 0xb1, 0x1e, 0x59, 0xe4, 0x30, 0x5c, 0x49, 0x38, 0x22, 0x68, 0xe8, 0xbd, 0x61, 0xe4, 0x19, 0xf2, 0x6d, 0x15}, + aad: []byte{0x6e, 0xde, 0x95, 0x98, 0x3e, 0x64, 0xf3, 0x79, 0x2a, 0x58, 0x26, 0xa2, 0xfe}, + ciphertext: []byte{0xd0, 0xb2, 0x1f, 0x47, 0xbb, 0xa9, 0x69, 0x4a, 0xe5, 0xc5, 0x33, 0xb, 0xc7, 0xa5, 0x30, 0x1c, 0x34, 0x5d, 0xa1, 0x6f, 0x74, 0x8d, 0xf8, 0x60, 0x8e, 0xb5, 0x3b, 0x57, 0xd3, 0x3c, 0x88, 0x92, 0xbe, 0x9c, 0x2e, 0x78, 0xe2, 0xcf, 0x33, 0x7a, 0xe2, 0xbf, 0xa6, 0x0, 0x3, 0x0, 0x68, 0xaf, 0xa1, 0x5c, 0x36, 0xf9, 0xa3, 0x9, 0xc1, 0xeb, 0xd6, 0xb7, 0x28, 0xcd, 0xd1, 0xc7, 0xbb, 0xe7, 0x82, 0x38, 0xd3}, + }, + { + description: "AES-192/AAD=30/Plaintext=0", + key: []byte{0x3a, 0x72, 0x15, 0x22, 0xa4, 0xb1, 0x36, 0xd, 0x79, 0x77, 0x9, 0x98, 0x9d, 0x2c, 0x93, 0x98, 0x20, 0x7b, 0xb1, 0x75, 0xf0, 0x1e, 0x8b, 0xea}, + nonce: []byte{0x32, 0xa8, 0xfc, 0xe3, 0xc1, 0xf0, 0x62, 0x9f, 0xe6, 0x8, 0xf9, 0xe8}, + aad: []byte{0xf1, 0x4f, 0xc3, 0x92, 0x18, 0x72, 0xc, 0x4b, 0xb1, 0x88, 0x82, 0xa4, 0xdc, 0x88, 0x95, 0xb, 0x99, 0x61, 0x89, 0xa9, 0x26, 0xfb, 0xd6, 0x70, 0x81, 0x34, 0xbf, 0x96, 0xfe, 0xc}, + ciphertext: []byte{0xec, 0xfb, 0xb8, 0x5b, 0xe8, 0x1f, 0x93, 0xba, 0x53, 0xb6, 0xd3, 0x33, 0x21, 0x1c, 0xd2, 0x7b}, + }, + { + description: "AES-192/AAD=30/Plaintext=1", + key: []byte{0xce, 0x12, 0x6d, 0x68, 0x49, 0x8f, 0xbf, 0x9f, 0x32, 0x42, 0xaa, 0x8a, 0x31, 0x7c, 0xe3, 0xb4, 0xf5, 0xfd, 0x44, 0xf, 0x6c, 0x10, 0x8d, 0xe3}, + nonce: []byte{0x95, 0x84, 0xab, 0xa3, 0x34, 0xc7, 0x85, 0xf8, 0x8d, 0x16, 0xd4, 0x36}, + plaintext: []byte{0x1f}, + aad: []byte{0x4, 0x6d, 0x31, 0xdf, 0xad, 0xe7, 0x4d, 0x41, 0x93, 0xd1, 0x47, 0xee, 0xc7, 0x90, 0xd2, 0x5b, 0x32, 0x24, 0x9, 0xcb, 0x41, 0xdb, 0xd, 0x56, 0x64, 0xc7, 0x5, 0xb1, 0x57, 0xf8}, + ciphertext: []byte{0xa1, 0xab, 0x9f, 0x2d, 0x5f, 0x86, 0x63, 0x9b, 0x9c, 0xd, 0x2b, 0x53, 0x3d, 0x7d, 0xe, 0x37, 0xed}, + }, + { + description: "AES-192/AAD=30/Plaintext=3", + key: []byte{0x38, 0x25, 0x29, 0x25, 0xa0, 0x23, 0xaa, 0xd5, 0xe7, 0x2b, 0x3a, 0x4c, 0x79, 0x2b, 0xa, 0xa7, 0x59, 0x74, 0xd8, 0xa6, 0xc4, 0x6a, 0x6a, 0xd1}, + nonce: []byte{0x78, 0x22, 0xd5, 0x14, 0x94, 0xeb, 0x59, 0x48, 0x63, 0xd6, 0x26, 0xfb}, + plaintext: []byte{0x2e, 0xfa, 0x62}, + aad: []byte{0xe, 0xa4, 0x3d, 0xd1, 0x34, 0x58, 0x22, 0x6d, 0x22, 0x2e, 0x22, 0xb4, 0x45, 0x9f, 0xef, 0x7f, 0xff, 0x37, 0xeb, 0x50, 0xb6, 0xcf, 0xe4, 0xa7, 0x7b, 0xd5, 0xbe, 0xa6, 0xfe, 0xc6}, + ciphertext: []byte{0x14, 0xab, 0x96, 0x23, 0x48, 0x45, 0x40, 0xfc, 0x45, 0xcc, 0xcb, 0x57, 0x90, 0x3c, 0x8f, 0xaa, 0xcb, 0x4f, 0xd2}, + }, + { + description: "AES-192/AAD=30/Plaintext=13", + key: []byte{0xe5, 0xf4, 0x2, 0x10, 0xf3, 0x9d, 0xc3, 0x98, 0x4d, 0x49, 0x60, 0xce, 0xe8, 0x2a, 0xd0, 0xa, 0x63, 0x3d, 0xe0, 0x75, 0x6d, 0x13, 0x77, 0xfd}, + nonce: []byte{0x2a, 0xa4, 0x11, 0xf7, 0x5f, 0x24, 0xbf, 0x62, 0xf5, 0x37, 0x3e, 0x91}, + plaintext: []byte{0x5c, 0x4a, 0x25, 0x60, 0x12, 0x10, 0x91, 0x2, 0x7d, 0x6, 0x23, 0xb5, 0xcb}, + aad: []byte{0x25, 0x1d, 0x3d, 0x2c, 0x1, 0x95, 0xc0, 0xb1, 0x8b, 0x2a, 0xdb, 0x10, 0xdb, 0xb8, 0x17, 0xc8, 0xe3, 0x6f, 0xb0, 0xde, 0x5a, 0xb1, 0x8e, 0xad, 0xe, 0xd5, 0x97, 0x21, 0x73, 0xb8}, + ciphertext: []byte{0x99, 0xe8, 0xdc, 0x99, 0x14, 0x4f, 0x53, 0x62, 0x8, 0xd1, 0x3, 0x7a, 0x3a, 0xae, 0xbf, 0xe5, 0xa0, 0x1c, 0x30, 0x53, 0x35, 0x1f, 0x20, 0xcf, 0xd1, 0x1d, 0x56, 0x9d, 0xc4}, + }, + { + description: "AES-192/AAD=30/Plaintext=16", + key: []byte{0x4d, 0x60, 0xa2, 0x75, 0xee, 0x3e, 0x6f, 0x5c, 0xc, 0x2a, 0x64, 0x81, 0xe7, 0x7a, 0x66, 0x60, 0xce, 0xf5, 0x84, 0x11, 0x5, 0x1d, 0xfd, 0xc5}, + nonce: []byte{0xaf, 0x89, 0xc1, 0xa0, 0x14, 0x6b, 0x5, 0x9a, 0x8, 0x9c, 0xbe, 0xc}, + plaintext: []byte{0xa3, 0xc3, 0x73, 0x83, 0x5f, 0x68, 0x85, 0xeb, 0xa, 0xf6, 0xc2, 0x90, 0xac, 0x1e, 0xf4, 0x41}, + aad: []byte{0x2, 0xe2, 0x8c, 0x5e, 0xb0, 0x73, 0x53, 0x8, 0xcf, 0x5f, 0x7c, 0xee, 0xdb, 0xb1, 0xca, 0x6a, 0x69, 0x2e, 0x34, 0xc5, 0x88, 0xb5, 0x96, 0x77, 0x91, 0x41, 0x7e, 0xfc, 0xe1, 0x3a}, + ciphertext: []byte{0x7d, 0xd, 0x5c, 0x8c, 0xd3, 0xb6, 0x19, 0xb8, 0x42, 0xdb, 0x32, 0x73, 0x33, 0x42, 0x9c, 0x52, 0x4f, 0x72, 0x33, 0x5c, 0xdf, 0xce, 0xc, 0xbf, 0x53, 0x1, 0x7d, 0x8, 0xae, 0x2f, 0x1b, 0x19}, + }, + { + description: "AES-192/AAD=30/Plaintext=51", + key: []byte{0x24, 0x5e, 0x92, 0xd3, 0x70, 0xbf, 0xe7, 0x5f, 0xb, 0xb8, 0x5d, 0x5a, 0x85, 0xbb, 0x46, 0x95, 0x78, 0xbe, 0x83, 0x44, 0x14, 0x1, 0x52, 0x18}, + nonce: []byte{0x15, 0x52, 0xa2, 0xf0, 0xb0, 0xb, 0xe3, 0x9d, 0xc9, 0x4a, 0x20, 0x6b}, + plaintext: []byte{0x55, 0x0, 0x4, 0x97, 0x52, 0x6f, 0xae, 0xd4, 0x63, 0x74, 0xb7, 0x8a, 0x65, 0x58, 0xe5, 0x24, 0xe8, 0x10, 0xf, 0x1e, 0x54, 0x56, 0xfe, 0xa9, 0x76, 0x41, 0x55, 0xed, 0x77, 0x6, 0x7e, 0x60, 0xd6, 0xc2, 0xef, 0x68, 0xc6, 0xb9, 0x3e, 0xd1, 0x6b, 0xf, 0x39, 0x28, 0x9c, 0x36, 0xa3, 0x2d, 0x3c, 0xc3, 0xb9}, + aad: []byte{0xde, 0xd, 0xd0, 0xbf, 0x5d, 0x92, 0x2d, 0x2, 0xd9, 0x69, 0xc7, 0x4f, 0xdc, 0xad, 0x82, 0xc, 0x99, 0x32, 0x9c, 0x36, 0x4b, 0xec, 0xb6, 0x6b, 0x49, 0xd6, 0xec, 0x5a, 0x2b, 0x6a}, + ciphertext: []byte{0x52, 0x3c, 0x6f, 0x3e, 0xe3, 0x75, 0x97, 0xf4, 0x2c, 0xe5, 0x60, 0x47, 0xce, 0xfa, 0x47, 0x11, 0x2e, 0x31, 0x80, 0x8a, 0xe2, 0xf3, 0x14, 0x87, 0xb6, 0x63, 0x54, 0x73, 0xbe, 0x79, 0x82, 0xa, 0x83, 0x2, 0x10, 0x42, 0xbe, 0x7b, 0xf2, 0x30, 0x77, 0x8d, 0x7f, 0x2d, 0xb4, 0x31, 0xbc, 0xb1, 0x9d, 0x76, 0x87, 0xc2, 0x72, 0xf7, 0x67, 0x1b, 0x81, 0xa9, 0xc2, 0x42, 0xa1, 0x90, 0x2d, 0x3c, 0xbd, 0xa1, 0xa7}, + }, + { + description: "AES-256/AAD=0/Plaintext=1", + key: []byte{0xff, 0x92, 0xd4, 0x3f, 0x70, 0x56, 0x50, 0xa9, 0xe1, 0x3, 0x67, 0xb4, 0xb1, 0xf6, 0x64, 0x85, 0x21, 0x58, 0x71, 0x54, 0x75, 0xd1, 0xe5, 0x77, 0x7e, 0xec, 0x91, 0x75, 0xe1, 0xca, 0x75, 0x99}, + nonce: []byte{0x5e, 0x21, 0x12, 0xf7, 0x4e, 0x17, 0xac, 0xfa, 0xeb, 0x1e, 0x6f, 0x34}, + plaintext: []byte{0x45}, + ciphertext: []byte{0xa0, 0x92, 0x20, 0x36, 0x27, 0xf7, 0xb5, 0x9c, 0xda, 0xa0, 0xd1, 0x46, 0xf1, 0x4e, 0x17, 0xd6, 0xfa}, + }, + { + description: "AES-256/AAD=0/Plaintext=3", + key: []byte{0xf1, 0xca, 0x36, 0xd8, 0xc0, 0x3e, 0xf0, 0x78, 0x90, 0xd4, 0xb3, 0x9, 0xfe, 0xf7, 0x1, 0xaf, 0xd1, 0x59, 0x37, 0x78, 0x89, 0xe, 0xe4, 0x2f, 0xb9, 0x8f, 0x7b, 0x40, 0xdb, 0x40, 0xa1, 0x7e}, + nonce: []byte{0xf4, 0x83, 0x54, 0xc9, 0x44, 0xb5, 0xb1, 0x3b, 0x1f, 0x65, 0xe2, 0x46}, + plaintext: []byte{0x8a, 0x7c, 0x50}, + ciphertext: []byte{0xba, 0x9f, 0xab, 0xc6, 0x1d, 0x97, 0x9b, 0x63, 0xa9, 0x96, 0xfd, 0x4b, 0xc2, 0xc9, 0x13, 0x9a, 0x48, 0x81, 0xdb}, + }, + { + description: "AES-256/AAD=0/Plaintext=13", + key: []byte{0xe0, 0xf2, 0xb9, 0xdc, 0x2e, 0x39, 0xf2, 0x88, 0x17, 0xb5, 0xf8, 0xb6, 0x28, 0xb1, 0xa3, 0x34, 0x94, 0xd6, 0xcd, 0x31, 0xa9, 0x5f, 0x26, 0xdb, 0xc3, 0xb1, 0xd2, 0x8e, 0x1, 0xf0, 0xce, 0x79}, + nonce: []byte{0x58, 0xd5, 0xff, 0x59, 0xe9, 0x2a, 0x73, 0x42, 0x52, 0xb4, 0xa7, 0x92}, + plaintext: []byte{0x75, 0x68, 0xd1, 0x34, 0x67, 0x6e, 0x20, 0x48, 0xab, 0x9, 0x86, 0x2a, 0x11}, + ciphertext: []byte{0x9f, 0x9d, 0x48, 0x78, 0x8f, 0xec, 0x75, 0x79, 0x7d, 0xbc, 0x6a, 0xaa, 0xe1, 0xa9, 0x2f, 0xe5, 0x7d, 0x13, 0x70, 0xd8, 0xf1, 0x18, 0x6a, 0x43, 0x9f, 0xa1, 0xd1, 0x41, 0xc2}, + }, + { + description: "AES-256/AAD=0/Plaintext=16", + key: []byte{0x91, 0x6a, 0xb5, 0xb1, 0x0, 0x95, 0x93, 0x66, 0x3f, 0x17, 0xdc, 0x3, 0x6, 0xc1, 0xb1, 0xe8, 0x6e, 0x1d, 0xf7, 0xda, 0x77, 0xda, 0x74, 0xa5, 0x25, 0xaa, 0x3a, 0x62, 0x27, 0x81, 0x97, 0x37}, + nonce: []byte{0x42, 0x3b, 0x4d, 0x3d, 0x1c, 0xeb, 0x8a, 0xfa, 0xac, 0xcf, 0xf5, 0x66}, + plaintext: []byte{0xc, 0x3b, 0x2b, 0x98, 0xb0, 0xea, 0x85, 0xb4, 0xf3, 0x37, 0x4c, 0xa5, 0x93, 0x28, 0x8, 0x73}, + ciphertext: []byte{0x57, 0x88, 0x25, 0xcc, 0x67, 0x24, 0x77, 0x1e, 0x89, 0x6f, 0x24, 0x68, 0xe3, 0xde, 0xc9, 0xa0, 0xc4, 0xe, 0xc8, 0x1, 0xf1, 0x2c, 0x9d, 0xe9, 0x10, 0xef, 0x61, 0xdb, 0xbd, 0xa1, 0x9, 0xd}, + }, + { + description: "AES-256/AAD=0/Plaintext=51", + key: []byte{0x47, 0x6, 0xf8, 0xbe, 0xd, 0xfd, 0x1f, 0x18, 0x87, 0x12, 0xdd, 0xb7, 0xd, 0x5, 0xe1, 0x77, 0xb3, 0x74, 0xb4, 0x65, 0x20, 0x6b, 0x61, 0x8d, 0x44, 0xa4, 0x2d, 0xea, 0x50, 0xd7, 0xb7, 0x8d}, + nonce: []byte{0xcb, 0x55, 0x32, 0x60, 0x57, 0x56, 0xf1, 0xc3, 0x47, 0xfd, 0x95, 0x59}, + plaintext: []byte{0x3b, 0x22, 0x8f, 0x8a, 0xc, 0x3b, 0xcd, 0x70, 0xd6, 0x99, 0xf7, 0x2e, 0x31, 0x6f, 0xd2, 0xd6, 0x90, 0xa1, 0xe7, 0x63, 0x6c, 0x61, 0xfc, 0x4a, 0x99, 0xbd, 0x3e, 0xc7, 0x33, 0x5d, 0x72, 0x8e, 0x43, 0x6b, 0x21, 0x95, 0x4a, 0x6f, 0xd5, 0xe7, 0x57, 0xd1, 0xc3, 0x51, 0x48, 0x73, 0xc6, 0xd4, 0x74, 0x78, 0x2a}, + ciphertext: []byte{0x5a, 0xaf, 0x87, 0xca, 0x17, 0x59, 0xc0, 0x22, 0x64, 0x5c, 0x57, 0x8b, 0xc9, 0x18, 0xa8, 0x1c, 0x3, 0xd9, 0x15, 0xdf, 0x2a, 0x3f, 0x1d, 0x51, 0xb8, 0x1b, 0x8a, 0xc7, 0x3a, 0xff, 0x18, 0x5e, 0x6a, 0x1, 0x9c, 0x3a, 0xda, 0xad, 0x96, 0xf7, 0x4b, 0x70, 0xe0, 0xfe, 0x65, 0x7, 0x46, 0x80, 0x9a, 0x5b, 0xce, 0xd, 0xf5, 0xfd, 0x17, 0xa4, 0x10, 0xd9, 0xe5, 0x5b, 0x6e, 0x7c, 0xda, 0xef, 0x95, 0x81, 0xf}, + }, + { + description: "AES-256/AAD=1/Plaintext=0", + key: []byte{0xf5, 0x62, 0xe2, 0x37, 0xda, 0x54, 0xee, 0x1a, 0xb1, 0x84, 0x14, 0xb1, 0xd2, 0x45, 0x95, 0x52, 0x3d, 0x9d, 0x0, 0x75, 0xe5, 0x75, 0x7f, 0x54, 0xd5, 0x14, 0xe0, 0xdf, 0xd5, 0x18, 0xe5, 0x71}, + nonce: []byte{0x8e, 0xb4, 0x15, 0x53, 0xc, 0x94, 0xd7, 0xbf, 0xd3, 0x2e, 0x76, 0x45}, + aad: []byte{0xac}, + ciphertext: []byte{0x13, 0x82, 0x34, 0x71, 0x3a, 0x61, 0x53, 0xcd, 0x80, 0xed, 0x60, 0x7b, 0x0, 0x35, 0xda, 0x45}, + }, + { + description: "AES-256/AAD=1/Plaintext=1", + key: []byte{0x6e, 0x99, 0xb1, 0xf9, 0x28, 0xc6, 0x83, 0xcc, 0xef, 0xee, 0x6a, 0x33, 0x32, 0x79, 0xc0, 0xc1, 0x3, 0x58, 0xf4, 0x2, 0xc2, 0x8, 0x34, 0x9b, 0xa3, 0x3b, 0xaf, 0xb0, 0x58, 0x31, 0xc3, 0xa6}, + nonce: []byte{0xe6, 0x38, 0x8f, 0xa9, 0x45, 0x38, 0x3d, 0x55, 0xef, 0xd3, 0x90, 0x42}, + plaintext: []byte{0x34}, + aad: []byte{0xff}, + ciphertext: []byte{0x50, 0x25, 0xb, 0x4, 0x68, 0xa9, 0x72, 0x58, 0xce, 0xf, 0x4f, 0x95, 0x6c, 0x7d, 0xa6, 0x6, 0x3d}, + }, + { + description: "AES-256/AAD=1/Plaintext=3", + key: []byte{0xc4, 0x4f, 0xc9, 0x52, 0xab, 0xaf, 0x4e, 0x5, 0x48, 0xc9, 0x1d, 0xa2, 0x15, 0x55, 0x80, 0x9c, 0xd0, 0xc8, 0x1a, 0x79, 0xbb, 0x2a, 0x72, 0x66, 0x9c, 0x57, 0x16, 0x5e, 0xa4, 0xaf, 0x5f, 0x2f}, + nonce: []byte{0xbc, 0xf2, 0xe7, 0xf6, 0x38, 0xcf, 0xdc, 0xd8, 0x71, 0xca, 0x52, 0x45}, + plaintext: []byte{0x0, 0x59, 0x70}, + aad: []byte{0x30}, + ciphertext: []byte{0x70, 0x16, 0xb1, 0x1d, 0x71, 0xf8, 0xe2, 0x99, 0xf0, 0x1d, 0xb8, 0x22, 0xe0, 0x7b, 0x60, 0x8b, 0x91, 0x2c, 0xf6}, + }, + { + description: "AES-256/AAD=1/Plaintext=13", + key: []byte{0x36, 0x9a, 0xc9, 0x30, 0xa3, 0x8, 0xce, 0x19, 0x59, 0xff, 0x22, 0x48, 0x83, 0xbf, 0x0, 0x60, 0x94, 0x6, 0x72, 0x85, 0x96, 0x35, 0xc9, 0xd, 0x5e, 0x4a, 0x7b, 0x4b, 0x73, 0x2c, 0xe3, 0x6f}, + nonce: []byte{0xed, 0x28, 0x1f, 0x24, 0x10, 0xdd, 0xb1, 0x9a, 0xbf, 0x7b, 0x4a, 0x5e}, + plaintext: []byte{0x33, 0xf5, 0x5f, 0x9a, 0x1d, 0xb6, 0xd4, 0x6d, 0x1a, 0x32, 0x50, 0xaf, 0x52}, + aad: []byte{0x60}, + ciphertext: []byte{0xd7, 0xfd, 0x56, 0x83, 0x86, 0x25, 0xea, 0xa8, 0xea, 0x77, 0xde, 0x9d, 0xaa, 0xfc, 0x4, 0x47, 0x6d, 0x7, 0x35, 0x6, 0x61, 0x60, 0x68, 0xfe, 0x5d, 0xb1, 0x2, 0xa9, 0x5b}, + }, + { + description: "AES-256/AAD=1/Plaintext=16", + key: []byte{0xbe, 0x54, 0x42, 0x2b, 0xb9, 0x1b, 0x3c, 0x8, 0x26, 0xa8, 0x8a, 0x18, 0xf8, 0x8c, 0x79, 0xc0, 0xcb, 0xed, 0xf1, 0x40, 0x7d, 0xb, 0xbf, 0xac, 0x48, 0x4, 0x38, 0xf9, 0xc, 0x6f, 0x92, 0xfa}, + nonce: []byte{0x21, 0x24, 0x9b, 0x36, 0xab, 0x6e, 0x59, 0xc0, 0x35, 0xc, 0xdd, 0xb7}, + plaintext: []byte{0xf3, 0xa5, 0xd, 0x45, 0x97, 0xd1, 0x9d, 0xe0, 0x54, 0xfc, 0x12, 0xac, 0xf3, 0x63, 0x44, 0xd0}, + aad: []byte{0x3c}, + ciphertext: []byte{0x8c, 0x4b, 0xdf, 0x2a, 0x9c, 0x16, 0x7f, 0x53, 0xbb, 0xb2, 0x8a, 0x7c, 0x32, 0x49, 0x85, 0xb8, 0x1f, 0xfa, 0xc7, 0xb, 0x8e, 0xad, 0xf9, 0x71, 0x61, 0x82, 0x20, 0x74, 0xef, 0x88, 0xe1, 0xae}, + }, + { + description: "AES-256/AAD=1/Plaintext=51", + key: []byte{0xe5, 0x57, 0x75, 0xa5, 0xc4, 0x35, 0xb, 0x9a, 0x6c, 0x9f, 0x3f, 0x69, 0x75, 0x6d, 0xfc, 0x96, 0xb4, 0xf4, 0x7f, 0xfb, 0xc6, 0xf1, 0xff, 0x9e, 0x22, 0xe2, 0xc9, 0x6d, 0x8f, 0xd2, 0x35, 0x72}, + nonce: []byte{0x67, 0x87, 0x4c, 0x15, 0x59, 0x10, 0x80, 0xd2, 0x74, 0xb5, 0xe5, 0x90}, + plaintext: []byte{0x8, 0x78, 0x48, 0x37, 0xfa, 0xdb, 0x2, 0xf7, 0x30, 0x1f, 0xd0, 0x98, 0x4a, 0x88, 0x47, 0x99, 0xd6, 0x1a, 0x83, 0xb8, 0xbd, 0x7a, 0x3c, 0xf1, 0xc9, 0x74, 0xf2, 0x95, 0x8f, 0x81, 0xa5, 0x4e, 0xa8, 0xe, 0xbe, 0x5, 0x2e, 0x6e, 0x87, 0x52, 0xf1, 0xbf, 0xc8, 0x3e, 0x6d, 0x25, 0x4f, 0x3f, 0x40, 0x34, 0xd4}, + aad: []byte{0xe8}, + ciphertext: []byte{0x24, 0xa, 0x17, 0x7b, 0x7d, 0xd7, 0xf6, 0xd7, 0xa9, 0xf, 0x14, 0xf4, 0x54, 0xa3, 0x13, 0xa9, 0x23, 0x69, 0xc9, 0xd4, 0xf4, 0xcd, 0xaa, 0xa1, 0x84, 0x7a, 0xbf, 0x7a, 0x97, 0xf1, 0xde, 0x19, 0xfe, 0x57, 0x58, 0x3e, 0x60, 0x16, 0xcf, 0x10, 0x2d, 0x6e, 0x12, 0xfd, 0x5f, 0xe6, 0x52, 0x2e, 0xc6, 0x4f, 0xa3, 0xde, 0x2e, 0xa5, 0x91, 0x2e, 0xc4, 0x9e, 0x1d, 0xe0, 0x3, 0x38, 0x8e, 0x62, 0x97, 0xb8, 0x59}, + }, + { + description: "AES-256/AAD=3/Plaintext=0", + key: []byte{0xf1, 0x4, 0x59, 0xb1, 0x5f, 0x11, 0x1b, 0xb3, 0x17, 0xc8, 0x52, 0xed, 0x45, 0x48, 0x6e, 0xa5, 0xf7, 0x3e, 0xaf, 0x39, 0x3a, 0x31, 0x3f, 0x9e, 0x47, 0xc, 0x67, 0xd0, 0x4d, 0x20, 0xbc, 0xcf}, + nonce: []byte{0x2b, 0x29, 0x86, 0x41, 0xd2, 0x71, 0x6f, 0xbd, 0x18, 0x12, 0x4e, 0xe4}, + aad: []byte{0x60, 0x3a, 0x8f}, + ciphertext: []byte{0x4b, 0x34, 0x2a, 0x6b, 0x1b, 0x3, 0x45, 0xd8, 0x7, 0x46, 0x7, 0xca, 0xb5, 0x6d, 0xa5, 0x45}, + }, + { + description: "AES-256/AAD=3/Plaintext=1", + key: []byte{0x6b, 0x7c, 0x3f, 0x8d, 0x2f, 0x90, 0x8c, 0xe7, 0x64, 0xe4, 0x8, 0x9e, 0x8d, 0x4f, 0x15, 0x4c, 0x92, 0x40, 0xa5, 0x77, 0x7d, 0x46, 0x7f, 0x84, 0x72, 0x37, 0x75, 0x10, 0x12, 0x2f, 0x41, 0xce}, + nonce: []byte{0x9e, 0xc0, 0xf9, 0x89, 0xb5, 0x37, 0x1c, 0x74, 0xbe, 0x9e, 0x26, 0x9e}, + plaintext: []byte{0xfb}, + aad: []byte{0x61, 0x85, 0x3b}, + ciphertext: []byte{0x71, 0x4, 0xe, 0x1f, 0x6d, 0xeb, 0x46, 0x90, 0x8f, 0xb, 0x22, 0xc4, 0xec, 0xe3, 0xf9, 0xd8, 0xe2}, + }, + { + description: "AES-256/AAD=3/Plaintext=3", + key: []byte{0xd7, 0x8b, 0xc2, 0x53, 0xc0, 0x97, 0xe3, 0x81, 0x5d, 0xed, 0x67, 0xf6, 0xf6, 0x74, 0xd2, 0xfc, 0x1e, 0x7a, 0x4d, 0xf0, 0x8, 0x87, 0xeb, 0x12, 0x8f, 0xff, 0x64, 0x8a, 0x3e, 0x9, 0xa5, 0xaa}, + nonce: []byte{0x9a, 0x67, 0x26, 0x3f, 0xd, 0xad, 0x56, 0x93, 0x78, 0x21, 0x58, 0x69}, + plaintext: []byte{0x7b, 0x99, 0x4}, + aad: []byte{0xf4, 0x41, 0x20}, + ciphertext: []byte{0xa8, 0xb5, 0xb, 0xd2, 0xf6, 0x14, 0x7e, 0x16, 0x8b, 0x43, 0xa4, 0x76, 0xd7, 0x7, 0xb2, 0x70, 0xdb, 0x85, 0x99}, + }, + { + description: "AES-256/AAD=3/Plaintext=13", + key: []byte{0x72, 0x68, 0x6f, 0xd1, 0xff, 0x51, 0x8f, 0xd4, 0xc1, 0xe1, 0x83, 0x69, 0x88, 0x9a, 0xfe, 0xfc, 0x3c, 0x14, 0xd3, 0x47, 0x10, 0x94, 0x47, 0x41, 0x7c, 0x17, 0x4d, 0x32, 0x13, 0x22, 0x57, 0x40}, + nonce: []byte{0x7, 0x8c, 0x2d, 0x46, 0x81, 0x41, 0xe1, 0xb4, 0x79, 0x24, 0x53, 0xf1}, + plaintext: []byte{0x38, 0x87, 0x76, 0x29, 0x7, 0x9b, 0x13, 0x52, 0x2, 0xf7, 0x3c, 0x86, 0x1e}, + aad: []byte{0x44, 0x2c, 0x33}, + ciphertext: []byte{0xae, 0x3d, 0x2e, 0x5c, 0x61, 0x54, 0x57, 0x9e, 0xdf, 0x1e, 0xb9, 0x8b, 0x84, 0xd0, 0xff, 0x5c, 0x3b, 0xcd, 0xf1, 0x47, 0x35, 0x68, 0x96, 0x47, 0xae, 0x70, 0xc7, 0xb9, 0x95}, + }, + { + description: "AES-256/AAD=3/Plaintext=16", + key: []byte{0xf6, 0xc9, 0xcc, 0xb3, 0xc3, 0xc3, 0x29, 0x48, 0x59, 0x58, 0xfb, 0x6d, 0x49, 0x86, 0x93, 0x5e, 0xe5, 0xa9, 0xe9, 0x12, 0x21, 0x82, 0x59, 0xcf, 0x7d, 0x61, 0x2a, 0x2d, 0x79, 0xf3, 0x1e, 0x36}, + nonce: []byte{0x26, 0x91, 0x4e, 0xe2, 0xec, 0x14, 0x95, 0x16, 0x2c, 0x80, 0x1e, 0x3d}, + plaintext: []byte{0x5b, 0x45, 0x80, 0xca, 0xc9, 0x5d, 0x2e, 0xed, 0xf, 0x48, 0x3a, 0x58, 0xd1, 0x6c, 0x4e, 0x7d}, + aad: []byte{0x1d, 0xe0, 0xf1}, + ciphertext: []byte{0xfb, 0xb2, 0xfd, 0x4c, 0x50, 0x1b, 0x5, 0x64, 0xdc, 0xd, 0x54, 0xa, 0xd1, 0x7c, 0xb0, 0x6a, 0xf0, 0xf0, 0xd, 0x5f, 0x5c, 0x50, 0xae, 0x23, 0x44, 0x6f, 0xf5, 0x6b, 0x8c, 0x65, 0xef, 0xc}, + }, + { + description: "AES-256/AAD=3/Plaintext=51", + key: []byte{0xba, 0x27, 0xd6, 0x4, 0xf6, 0x75, 0x6, 0xc2, 0xdf, 0xd1, 0x67, 0x3, 0x32, 0xab, 0x70, 0x35, 0x35, 0x59, 0x75, 0x27, 0xef, 0x1e, 0x3e, 0x7f, 0x7, 0x92, 0xa7, 0xe, 0x67, 0x12, 0xbb, 0xda}, + nonce: []byte{0x58, 0xe0, 0x70, 0x9c, 0x3b, 0xd8, 0x32, 0x2e, 0xa4, 0xc9, 0x77, 0xfa}, + plaintext: []byte{0x21, 0xfb, 0x9e, 0x44, 0xdd, 0xe7, 0xb7, 0xe2, 0xfa, 0xb9, 0xd8, 0xd9, 0xbd, 0xf4, 0x6d, 0x42, 0x9a, 0xa1, 0xaf, 0x6f, 0x83, 0xcb, 0xa3, 0xc5, 0xb7, 0x23, 0x6d, 0x3c, 0x86, 0x57, 0x55, 0x8e, 0xea, 0xa5, 0x70, 0x3a, 0xd4, 0x65, 0x5f, 0xdc, 0x9c, 0xd2, 0xcf, 0x1e, 0xdf, 0xbb, 0x24, 0x57, 0x96, 0x69, 0xa0}, + aad: []byte{0xc1, 0x0, 0x15}, + ciphertext: []byte{0xf2, 0xf5, 0xa5, 0xbf, 0xd1, 0xef, 0xbb, 0xf4, 0x19, 0xbb, 0x71, 0x96, 0x49, 0x47, 0x8, 0xca, 0x1e, 0x7, 0xf5, 0x2e, 0x6e, 0x53, 0x38, 0xc3, 0x1f, 0x66, 0xb, 0xdf, 0xa4, 0xef, 0x27, 0xf4, 0xdc, 0x63, 0xc3, 0xd4, 0x83, 0xc7, 0x64, 0xee, 0x76, 0xd0, 0xbb, 0x53, 0x87, 0xd, 0xe4, 0xb0, 0xd6, 0x8d, 0x5d, 0x9a, 0xd3, 0x88, 0xf4, 0x65, 0x3a, 0x38, 0xaf, 0xf3, 0x2a, 0x4c, 0xaa, 0xc9, 0xb4, 0x3a, 0x1f}, + }, + { + description: "AES-256/AAD=13/Plaintext=0", + key: []byte{0x6f, 0xf8, 0x10, 0xb6, 0x68, 0xc2, 0xd7, 0xb2, 0x3a, 0x80, 0xfd, 0x4f, 0xf5, 0xed, 0xf0, 0xcf, 0x34, 0x8d, 0x21, 0x4c, 0x3, 0x44, 0x63, 0xf2, 0x26, 0x8c, 0xcf, 0x15, 0xf6, 0xe3, 0xc3, 0x4c}, + nonce: []byte{0xba, 0x6b, 0xfe, 0x1f, 0x38, 0x7b, 0x91, 0x67, 0xb7, 0xd7, 0xcd, 0xde}, + aad: []byte{0x23, 0x58, 0x6b, 0xe6, 0x85, 0xd8, 0xc3, 0x8c, 0x8e, 0xf7, 0x67, 0xf0, 0x10}, + ciphertext: []byte{0x59, 0xbf, 0xd3, 0xfc, 0x25, 0xd6, 0x7f, 0x72, 0x7b, 0x1b, 0x9, 0x3b, 0x8d, 0x5d, 0x85, 0xc}, + }, + { + description: "AES-256/AAD=13/Plaintext=1", + key: []byte{0xd0, 0x32, 0xbd, 0x4a, 0x4e, 0x8f, 0xf8, 0x15, 0x41, 0xad, 0xfd, 0xca, 0x65, 0xac, 0xb6, 0xf7, 0xe1, 0x24, 0x39, 0xb9, 0xa2, 0x20, 0xb5, 0x8a, 0xf1, 0x66, 0x1d, 0x2f, 0x4e, 0xd0, 0xff, 0xb2}, + nonce: []byte{0x5f, 0xaa, 0x43, 0xcd, 0x91, 0x59, 0x1d, 0xcd, 0x24, 0x75, 0x61, 0x5b}, + plaintext: []byte{0xaa}, + aad: []byte{0x1e, 0x1, 0x49, 0xf0, 0xbc, 0xb7, 0xb, 0xc4, 0x32, 0x36, 0x15, 0xc8, 0x98}, + ciphertext: []byte{0x6, 0x46, 0xdc, 0xc3, 0x68, 0x16, 0x2e, 0x28, 0xa1, 0xc, 0x72, 0xbb, 0xee, 0xc1, 0xb9, 0x65, 0x9a}, + }, + { + description: "AES-256/AAD=13/Plaintext=3", + key: []byte{0x19, 0x88, 0x94, 0x8b, 0xd5, 0xf7, 0xb0, 0xa4, 0xbd, 0x5c, 0xdb, 0x3d, 0xaf, 0x5a, 0x98, 0x41, 0xa9, 0xbc, 0x27, 0xdc, 0xec, 0xa9, 0x77, 0x43, 0x42, 0xaf, 0xe0, 0xdb, 0xf3, 0xb9, 0x3, 0xa2}, + nonce: []byte{0xa0, 0x1a, 0x64, 0x98, 0xd9, 0x80, 0x2d, 0xb4, 0x43, 0xa4, 0x35, 0x4b}, + plaintext: []byte{0xb5, 0xa6, 0x15}, + aad: []byte{0x87, 0xa9, 0xe9, 0x94, 0x6a, 0x3f, 0xb1, 0x9e, 0x10, 0xdf, 0xd, 0x76, 0x7f}, + ciphertext: []byte{0xb8, 0xb7, 0x38, 0x9f, 0x22, 0xfc, 0x93, 0x8f, 0xf8, 0x77, 0x73, 0x48, 0x94, 0x8f, 0xd2, 0xb9, 0xe0, 0xdd, 0x10}, + }, + { + description: "AES-256/AAD=13/Plaintext=13", + key: []byte{0x1a, 0x69, 0x20, 0x8, 0x37, 0xe5, 0x17, 0xd2, 0x21, 0x79, 0x93, 0x4d, 0x5b, 0xa7, 0xdc, 0xb3, 0xfa, 0xae, 0x31, 0xd7, 0xa8, 0xe5, 0xfe, 0xe9, 0x79, 0xb9, 0xfc, 0x80, 0x46, 0x7d, 0x5a, 0x6a}, + nonce: []byte{0x65, 0xed, 0xbc, 0xc8, 0x59, 0x2e, 0x68, 0xfb, 0xb5, 0x20, 0x2a, 0x20}, + plaintext: []byte{0x53, 0xba, 0xba, 0xa8, 0xce, 0xde, 0xbe, 0x3, 0xa6, 0x5, 0xcf, 0xe7, 0x2c}, + aad: []byte{0x16, 0x69, 0xa, 0x70, 0xbd, 0x16, 0xd6, 0xda, 0x24, 0xaf, 0x7d, 0x30, 0xf1}, + ciphertext: []byte{0x3d, 0x3d, 0xb4, 0x4f, 0x4d, 0x56, 0x54, 0x97, 0x9f, 0xae, 0x72, 0xe1, 0x5a, 0x75, 0x87, 0x41, 0x92, 0x17, 0x2d, 0x3f, 0xff, 0xcc, 0x68, 0x31, 0xa6, 0xe3, 0x7b, 0x79, 0x40}, + }, + { + description: "AES-256/AAD=13/Plaintext=16", + key: []byte{0x26, 0xb, 0x43, 0x54, 0x19, 0x82, 0x78, 0xd5, 0xc, 0xc7, 0x13, 0xf8, 0xa2, 0x52, 0x26, 0x7e, 0xb, 0xa5, 0x46, 0x8f, 0xa6, 0x8c, 0xdd, 0xba, 0x5c, 0x5f, 0x6, 0xf8, 0xfc, 0x24, 0xbc, 0xda}, + nonce: []byte{0xc1, 0x48, 0xe2, 0xf4, 0x7f, 0x84, 0x7d, 0x4c, 0x83, 0xfb, 0x7b, 0x40}, + plaintext: []byte{0x9, 0xa8, 0x48, 0x46, 0xaf, 0xed, 0x52, 0x78, 0x9f, 0xbd, 0xc, 0xd, 0x6, 0xa5, 0x62, 0xeb}, + aad: []byte{0x6d, 0x9e, 0x23, 0xeb, 0x77, 0x49, 0xfe, 0x44, 0x70, 0x7d, 0x4b, 0xc1, 0xd7}, + ciphertext: []byte{0xed, 0xb5, 0xf8, 0x6f, 0xf1, 0xff, 0x2b, 0x16, 0x5f, 0x7a, 0x2, 0x16, 0xc1, 0x63, 0xd, 0x5b, 0xf0, 0xa2, 0x59, 0x80, 0x15, 0x16, 0x40, 0x6a, 0xa, 0xb4, 0x2c, 0xbb, 0xcd, 0xa0, 0x34, 0xd5}, + }, + { + description: "AES-256/AAD=13/Plaintext=51", + key: []byte{0xe0, 0x86, 0x23, 0x1c, 0x3b, 0xf, 0xed, 0xe, 0x60, 0x5, 0x9b, 0x86, 0x45, 0x49, 0x35, 0x77, 0xd9, 0x5, 0xfe, 0xb0, 0x7a, 0x78, 0xc7, 0x54, 0x30, 0x76, 0xd6, 0x9a, 0x3f, 0x53, 0xaf, 0xb2}, + nonce: []byte{0x9b, 0x1a, 0x86, 0x12, 0xea, 0x94, 0x9a, 0x67, 0x14, 0x46, 0x42, 0xe8}, + plaintext: []byte{0x8f, 0x4b, 0x76, 0xcd, 0xab, 0xfa, 0x7a, 0x9c, 0x82, 0x87, 0x65, 0x8, 0x1f, 0x9c, 0x97, 0xc3, 0xc2, 0x20, 0x7f, 0x1a, 0xd2, 0x4d, 0x23, 0x1f, 0xc2, 0x42, 0xcd, 0x4a, 0x5, 0xf5, 0x22, 0x94, 0xca, 0xb8, 0x11, 0x5, 0xf9, 0xcc, 0x84, 0x50, 0x41, 0x15, 0x8f, 0xe, 0x35, 0xf3, 0xa6, 0x76, 0x5c, 0x6c, 0x6c}, + aad: []byte{0xd8, 0x39, 0x79, 0x6, 0x8, 0x1, 0x21, 0x7e, 0x6, 0xe3, 0x4, 0x5f, 0xa3}, + ciphertext: []byte{0x4e, 0xad, 0x68, 0xd2, 0xdb, 0xa9, 0xdf, 0x1b, 0x2a, 0xac, 0xec, 0x63, 0x3d, 0xd9, 0x55, 0x12, 0xd2, 0x7d, 0xef, 0xd2, 0xe, 0xcf, 0x21, 0x25, 0x2b, 0x36, 0x7c, 0xa1, 0xd2, 0x61, 0xf7, 0x4c, 0x7c, 0xb4, 0x5, 0x55, 0x5c, 0x2d, 0x6b, 0x23, 0x6, 0x62, 0xb5, 0xbb, 0x95, 0xae, 0x48, 0x8, 0x36, 0xea, 0x4c, 0x21, 0xe3, 0x4e, 0xf3, 0xab, 0x1b, 0x7e, 0x9f, 0x3f, 0x4d, 0x25, 0x61, 0x66, 0x5b, 0xbc, 0x51}, + }, + { + description: "AES-256/AAD=30/Plaintext=0", + key: []byte{0x97, 0x6a, 0xec, 0xea, 0x6d, 0x5a, 0xb0, 0x10, 0x13, 0xda, 0x57, 0x18, 0x70, 0x4e, 0x1a, 0xab, 0x21, 0xf2, 0x6b, 0x3c, 0xea, 0xca, 0xe9, 0x25, 0x19, 0xf1, 0xb9, 0xa, 0x84, 0xc1, 0x6, 0x84}, + nonce: []byte{0xcb, 0x8, 0xe4, 0xe2, 0x3, 0x37, 0xf2, 0x92, 0xc7, 0xad, 0xd4, 0xc}, + aad: []byte{0xf3, 0x3b, 0x34, 0x62, 0x3c, 0xc5, 0x2e, 0x25, 0xc2, 0x21, 0x7, 0x39, 0x8b, 0x9d, 0x47, 0xc9, 0x55, 0x86, 0xe6, 0x5c, 0x32, 0x32, 0xf6, 0xee, 0xb5, 0x6c, 0xca, 0x86, 0x25, 0xbd}, + ciphertext: []byte{0x50, 0xd1, 0xcc, 0xdb, 0x1d, 0x7c, 0xd6, 0xa0, 0x83, 0xca, 0x75, 0x6, 0x63, 0xb9, 0xf9, 0xd}, + }, + { + description: "AES-256/AAD=30/Plaintext=1", + key: []byte{0x9e, 0xfe, 0x51, 0x56, 0xf3, 0x75, 0xa7, 0xd4, 0x72, 0x20, 0xec, 0x56, 0xc8, 0x56, 0xb1, 0x96, 0xb4, 0x9f, 0x32, 0x44, 0x88, 0x6d, 0x13, 0x94, 0xa6, 0x58, 0xe7, 0x98, 0xb3, 0xc9, 0xcc, 0xe8}, + nonce: []byte{0x4b, 0x5b, 0x79, 0xa4, 0x4c, 0x1, 0x27, 0x49, 0x50, 0x50, 0xaa, 0x49}, + plaintext: []byte{0x2b}, + aad: []byte{0xef, 0x29, 0x6c, 0x86, 0x6c, 0x45, 0xb8, 0xd4, 0x3d, 0x81, 0xf, 0xb, 0x39, 0xeb, 0xa0, 0xad, 0xf7, 0x5f, 0x48, 0xaa, 0xf1, 0xc, 0x17, 0xcf, 0x36, 0xa4, 0x2, 0xe1, 0x54, 0xf9}, + ciphertext: []byte{0x1e, 0x7a, 0xf0, 0x8d, 0x3, 0x8a, 0x30, 0x38, 0x53, 0x33, 0xe3, 0xc0, 0x5, 0x5e, 0x6f, 0x1c, 0x30}, + }, + { + description: "AES-256/AAD=30/Plaintext=3", + key: []byte{0x14, 0xe9, 0xe, 0xd5, 0x57, 0x6d, 0x45, 0x7d, 0xa5, 0x29, 0xe7, 0x73, 0xfc, 0xc, 0x31, 0x36, 0xd4, 0x55, 0xaa, 0x8d, 0xc9, 0xe0, 0x6d, 0xd6, 0xa, 0xe, 0xf5, 0xc8, 0xb7, 0x39, 0xfe, 0x6e}, + nonce: []byte{0x5f, 0x2, 0x3d, 0x55, 0x26, 0x76, 0x63, 0x58, 0x80, 0x45, 0x59, 0x20}, + plaintext: []byte{0x55, 0x93, 0x2}, + aad: []byte{0x39, 0x2, 0x41, 0x86, 0xe5, 0x48, 0x47, 0x58, 0xf4, 0xed, 0x9c, 0x6b, 0x46, 0x78, 0x28, 0xa2, 0x3f, 0xfa, 0x37, 0x17, 0x8e, 0x43, 0x63, 0x65, 0xb9, 0xf, 0x35, 0xac, 0xbc, 0xf4}, + ciphertext: []byte{0xd3, 0x6a, 0x61, 0xa3, 0xf4, 0x9f, 0xa, 0xc0, 0x2e, 0x93, 0xa1, 0x72, 0xb5, 0xa6, 0x5, 0x6f, 0xe9, 0x95, 0x67}, + }, + { + description: "AES-256/AAD=30/Plaintext=13", + key: []byte{0xa6, 0xe2, 0x43, 0x35, 0xdd, 0x8, 0x7b, 0x1e, 0xd9, 0x63, 0x96, 0x3e, 0x4b, 0xc3, 0xf8, 0x33, 0xaa, 0xdc, 0xbe, 0x25, 0xf3, 0x91, 0x1b, 0xf8, 0x55, 0x1f, 0xfa, 0x3c, 0xfd, 0xef, 0xd0, 0xb2}, + nonce: []byte{0x1b, 0xcc, 0xb9, 0x19, 0x66, 0xb2, 0x4f, 0x81, 0x3e, 0x66, 0xe6, 0xb8}, + plaintext: []byte{0x83, 0x40, 0xf4, 0x37, 0x6c, 0xc9, 0x6b, 0x13, 0x46, 0x1a, 0xa3, 0x84, 0xad}, + aad: []byte{0xa0, 0xda, 0x3d, 0x5f, 0x7a, 0xf1, 0xcc, 0x81, 0x13, 0x6c, 0xf6, 0x4a, 0xd0, 0xdb, 0xe6, 0xed, 0x9d, 0x5e, 0xdd, 0xb9, 0x19, 0xf, 0x4b, 0xa1, 0x48, 0xb, 0x2d, 0x7f, 0xed, 0xa8}, + ciphertext: []byte{0x63, 0x52, 0x21, 0xe4, 0xd2, 0x48, 0x1b, 0xb2, 0xe0, 0xac, 0xaf, 0xab, 0xc8, 0x3b, 0xa3, 0xc9, 0x6, 0xb4, 0xdd, 0x96, 0x41, 0x1, 0x8e, 0xe8, 0x14, 0xa5, 0x6f, 0xbc, 0x6b}, + }, + { + description: "AES-256/AAD=30/Plaintext=16", + key: []byte{0xde, 0x26, 0x56, 0xbc, 0x9a, 0x6b, 0xb8, 0x15, 0xc2, 0x12, 0x62, 0x57, 0x55, 0x8, 0x4e, 0x31, 0x23, 0xe1, 0x57, 0x39, 0xde, 0x97, 0xd3, 0xac, 0xac, 0x47, 0x80, 0xb2, 0x83, 0x6f, 0x7a, 0x48}, + nonce: []byte{0xcd, 0x3f, 0xd0, 0x54, 0x4, 0xcf, 0xad, 0x3, 0xcc, 0x66, 0x69, 0x5}, + plaintext: []byte{0xec, 0x2, 0x6b, 0x9e, 0x6a, 0x94, 0xa9, 0x53, 0xf2, 0xd4, 0xf8, 0x16, 0x72, 0x99, 0xd2, 0xa7}, + aad: []byte{0xa2, 0xdd, 0xad, 0x8a, 0xb6, 0xc7, 0x26, 0xe6, 0xbe, 0x2e, 0xca, 0x3a, 0xec, 0xeb, 0x34, 0xf, 0xd7, 0x3b, 0xfc, 0x9, 0x78, 0x68, 0x68, 0x6b, 0x77, 0x27, 0x1f, 0xf, 0x62, 0xfb}, + ciphertext: []byte{0x3c, 0xe9, 0xfb, 0xce, 0xff, 0x54, 0x6a, 0xe5, 0xb9, 0xa9, 0x17, 0xbc, 0xf, 0xc, 0x1e, 0xd1, 0x28, 0x49, 0xff, 0xfc, 0x86, 0x76, 0x39, 0xa6, 0x59, 0xdb, 0xd5, 0x0, 0x8e, 0x38, 0x35, 0x75}, + }, + { + description: "AES-256/AAD=30/Plaintext=51", + key: []byte{0x38, 0xe3, 0x55, 0x55, 0x5e, 0x53, 0x25, 0x30, 0x58, 0x78, 0x44, 0x83, 0x5a, 0x67, 0xff, 0xe7, 0x1d, 0x73, 0x97, 0x6e, 0xef, 0xf9, 0x35, 0xd3, 0x6b, 0xbf, 0x24, 0x3a, 0x99, 0xbb, 0x6e, 0x55}, + nonce: []byte{0xba, 0x3a, 0x6e, 0xde, 0x4d, 0x2e, 0xa4, 0x73, 0x74, 0xa6, 0x45, 0xe}, + plaintext: []byte{0x47, 0xf5, 0xf0, 0xd6, 0x2e, 0x51, 0x2d, 0x1e, 0x38, 0x87, 0x11, 0x58, 0xf2, 0x19, 0xc1, 0x4a, 0xac, 0x49, 0x35, 0x37, 0xdc, 0x7, 0xf0, 0x87, 0xc1, 0x63, 0x4d, 0x63, 0x9e, 0xdc, 0xa, 0xb3, 0x25, 0xff, 0x3, 0xe2, 0x61, 0x52, 0x6, 0x2c, 0xbf, 0x21, 0x34, 0x4a, 0x8b, 0x5d, 0x34, 0xce, 0x99, 0x57, 0xc5}, + aad: []byte{0xa1, 0x1d, 0x59, 0x32, 0x88, 0x3a, 0xb9, 0x51, 0x16, 0xfc, 0xb5, 0x72, 0xf7, 0xc5, 0x64, 0x5e, 0x97, 0x8, 0xce, 0x4, 0x45, 0x47, 0x40, 0xd7, 0xba, 0x88, 0x88, 0x35, 0x8, 0x8c}, + ciphertext: []byte{0xba, 0x4c, 0x55, 0xf0, 0xd5, 0xd7, 0xfd, 0x8, 0xf8, 0xf8, 0xda, 0xe0, 0x45, 0x92, 0xf6, 0xa0, 0x84, 0xfe, 0xb5, 0x99, 0x60, 0xc2, 0x18, 0xcd, 0x47, 0xd1, 0xcd, 0xa5, 0x6e, 0x5a, 0xca, 0xb4, 0xb2, 0xf8, 0x97, 0x42, 0x10, 0xaf, 0x46, 0x3a, 0x19, 0x58, 0xf2, 0xf3, 0x74, 0x90, 0x5c, 0x80, 0x68, 0x67, 0x6c, 0x65, 0xa1, 0x49, 0xc0, 0x9e, 0xa4, 0x59, 0xff, 0x7, 0xf1, 0xd3, 0x1e, 0x35, 0xa2, 0x3, 0x29}, + }, +}