From nobody Tue Jul 8 14:08:22 2014 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 099031A007A for ; Tue, 8 Jul 2014 14:04:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RAgiJOAwgSzd for ; Tue, 8 Jul 2014 14:03:55 -0700 (PDT) Received: from mail-ve0-x229.google.com (mail-ve0-x229.google.com [IPv6:2607:f8b0:400c:c01::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 817701A0061 for ; Tue, 8 Jul 2014 14:03:55 -0700 (PDT) Received: by mail-ve0-f169.google.com with SMTP id pa12so6273341veb.14 for ; Tue, 08 Jul 2014 14:03:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type; bh=E3KyCQp5lcLGwAU6zew60slTqZUXemaKh1ikBBECVZw=; b=p3TZCgiLyhkTlOq0Qz/lrshMrcGIKg+H4O/YOET8DOiKqdNjTQkYPy3E90FjYU7TuA jds9POT6EF7lJoFl/qjRZ78g00Z3PICotl8aWNYhtpSh04gWz55YwNMXjxHRoCDvUOxe 2YQfzxPg37lyE5XnZrlbWpMOrohvNYDYmyOqgbNnTdM42haMPOOEAkfobKRpEf5QMcqk cN6MugdqNLP4GfFuKHsZl6spKY0Sfp2YUqu6bBzxrVZ149/u0opSW8Hpfy7pDhpForme eOuKPjDevRQYHy9rYWv8XZY4+gFxjae19FK+Vg4jMNHE2la4qAEVxt7lfxTRuj0lu2Ii VD+A== X-Received: by 10.220.175.70 with SMTP id w6mr4037vcz.72.1404853434543; Tue, 08 Jul 2014 14:03:54 -0700 (PDT) MIME-Version: 1.0 Received: by 10.52.101.198 with HTTP; Tue, 8 Jul 2014 14:03:34 -0700 (PDT) From: David Leon Gil Date: Tue, 8 Jul 2014 17:03:34 -0400 Message-ID: To: openpgp@ietf.org Content-Type: multipart/mixed; boundary=047d7b3a93e0ed94e804fdb4ede3 Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/OQebBO9sn2o8o6b6f5KLErqfhl0 X-Mailman-Approved-At: Tue, 08 Jul 2014 14:08:10 -0700 Subject: [openpgp] OpenPGP semantics; questions re DH, SHA-1 with EC privkeys X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 21:04:08 -0000 --047d7b3a93e0ed94e804fdb4ede3 Content-Type: text/plain; charset=UTF-8 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 As there has recently been some interest in new implementations of OpenPGP (vide sig infra), it occurred to me that a more concise, slightly more formal definition of the OpenPGP packet syntax might be useful to implementers.[^nb] So I dashed up a quick draft, vaguely in the XPEG (parsing-expression-grammar with semantic-reductions) style,[^xpeg] of a syntax with non-cryptographic semantic constraints for RFCs 4880 (v4), 5581 (Camellia), and 6637 (EC). It includes packet headers, packets, algorithms, signature subpackets, ASCII armor, and cleartext signatures; it does not yet include packet compositions and the validity constraints on those. (In only 1100 kind-of line-like things!) I was curious if anyone had anything to add (or noticed any blunders)? (And has someone else done this that I'm not aware of?) I'm particularly interested in the following questions, which are slightly unclear from the RFCs and what I could find on the list: 1. Did X9.42 DH ever see widespread use in any context? (If so, is there a reference for the ASFs used?) I recall *using* prime-field DH with an OpenPGP client many years ago, but I believe that it was especially patched as a test of that functionality. 2. Is it intended for SHA-1 to be permitted for use with the Iterated and Salted S2K method in RFC 6637 for private key storage? (The plain text of the RFC does not forbid it, even though it forbids its use as an ECDH KDF.) It is implicitly forbidden for use as the S2K algorithm in packet compositions with ECDH and SKESK packets at the 192-bit security level -- its output is only 180 bits.) 3. Are there any common packet types, signature packet subtypes, or algorithms that are moderately interoperable (e.g., recognized by most PGP software or keyservers) but not included in an RFC? (E.g., I think that GnuPG's(?) keyring format contains some things that other software recognizes.) And the following question, which the RFC is clear on: 4. RFC 4880 explicitly states that a user ID and signature are optional for a public or private key packet composition to be importable. Most(?) PGP software requires both for prime-based keys. I'd suggest that requiring a signature is undesirable for ECDH or DH keys. Are there any implementations that support this at present? Or should the requirement for user ID and signature packets just be added as a consensus constraint that hasn't made it to RFC form yet? (The source for the grammar is under https://github.com/coruus/openpgp-semantics) The syntax is attached as a "Markdown" file, but I recommend reading it in a monospaced font. - -dlg [^nb]: This is not to suggest, of course, that there is any substitute for reading the RFCs. [^xpeg]: See, e.g., TRX, http://arxiv.org/abs/1105.2576. -----BEGIN PGP SIGNATURE----- Version: End-To-End v0.3.1338 wv8AAABmBAETCAAY/wAAAAWCU7xcif8AAAAJkADAmcXA0CgpAABO2gEAhBTDGf8Y 30WFKX3tCWbT9Vq/rKNN9X2HT6YlJkSIF9kA/AydkuTiP6MJHXUUPdcU8pNTSWI1 Afyc9NrxCQVs17Da =BxME -----END PGP SIGNATURE----- --047d7b3a93e0ed94e804fdb4ede3 Content-Type: application/octet-stream; name="openpgp-syntax.markdown" Content-Disposition: attachment; filename="openpgp-syntax.markdown" Content-Transfer-Encoding: base64 X-Attachment-Id: f_hxdp9btg0 T3BlblBHUCBzeW50YXggYW5kIHNlbWFudGljIHZhbGlkaXR5Cj09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PQooaW5jb21wbGV0ZSBkcmFmdCkKLS0tLS0tLS0tLS0tLS0tLS0tCgpJ bnRyb2R1Y3Rpb24KPT09PT09PT09PT09CgpBIG5vdGU6IEFsbCByZWZlcmVuY2VzIGFyZSB0byBS RkMgNDg4MCwgdW5sZXNzIG90aGVyd2lzZSBzcGVjaWZpZWQuCgpDb21tb24gZGVmaW5pdGlvbnMK PT09PT09PT09PT09PT09PT09PQoKVE9ETyBjbGVhbnVwIGFuZCBtYWtlIGJpbmRpbmdzIGNvbnNp c3RlbnQKCiMjIE5vdGVzIG9uIHR5cGVzCgogICAgX3x8XyA6IChCb29sLCBCb29sKSAtPiBCb29s CiAgICBffF8gIDogKHtUeXBlfUEsIHtUeXBlfUIpIC0+IChBICsgQikKICAgICMgKE5vdGUgdGhh dCB0aGUgfCBvcGVyYXRvciByZXByZXNlbnRzIG9yZGVyZWQgY2hvaWNlLikKICAgIG1hcCA6IChU IC0+IFQpIC0+IChTZXF1ZW5jZVtUXSAtPiBTZXF1ZW5jZVtUXSkKICAgIHRha2UgOiAoU2VxdWVu Y2UsIE5hdCwgTmF0KSAtPiAoU2VxdWVuY2UpCgojIyBOb3RlcyBvbiBzeW1ib2xzCgpYUEVHLWxp a2UgZ3JhbW1hcjsgc3ltYm9scywgd2l0aCBmaXhpdHkgcGF0dGVybnM6CgogICAgXF8gICAgOiB0 aGUgbGFtYmRhIHN5bWJvbDsgaW50cm9kdWNlcyBhIG5hbWUgYmluZGluZwogICAgL18gICAgOiB0 ZXN0cyBmb3Igc3ltYm9sIGJpbmRpbmcKICAgICZfICAgIDogYWxsb3dzIHBhcnNpbmcgdG8gcHJv Y2VlZCBvbmx5IGlmIHByb3Bvc2l0aW9uIGlzIGVxdWFsIHRvIFRydWUKICAgIF8rK18gIDogc2Vx dWVuY2UgY29uY2F0ZW5hdGlvbgogICAgXy0tXyAgOiBzZXQgKG9yIHByb2R1Y3Rpb24pIHN1YnRy YWN0aW9uCiAgICBfL18gICA6IHNldCAob3IgcHJvZHVjdGlvbikgc3ltbWV0cmljIGRpZmZlcmVu Y2UKICAgID4+PV8gIDogc2VtYW50aWMgcmVkdWN0aW9uIG9mIGEgcHJvZHVjdGlvbgogICAgXzo6 PV8gOiBhIHByb2R1Y3Rpb24KICAgIF89XyAgIDogYSBuYW1lZCBieXRlCgoKQmFzaWMgZGF0YXR5 cGVzCi0tLS0tLS0tLS0tLS0tLQoKVW5zaWduZWQgYmlnLWVuZGlhbiBpbnRlZ2VycyAodWJpbnRz KToKCiAgICBieXRlICAgICAgIDo6PSAwLi4yNTUKICAgICAgICAgICAgICAgPj49IFx4ID0gTmF0 KHgwKQogICAgdHdvX29jdGV0ICA6Oj0gYnl0ZSBieXRlCiAgICAgICAgICAgICAgID4+PSBceCA9 IHgwPDw4ICsgeDEKICAgIGZvdXJfb2N0ZXQgOjo9IHR3b19vY3RldCB0d29fb2N0ZXQKICAgICAg ICAgICAgICAgPj49IFx4ID0geDA8PDE2ICsgeDEKClNlcXVlbmNlcyBvZiBieXRlczoKCiAgICBi eXRlc1tOYXRdIDogU2VxdWVuY2V7TmF0fVtOYXRdCgpPbGQtc3R5bGUgbGVuZ3RocyBhcmUganVz dCB1YmludHM7IHRoZWlyIGxlbmd0aCBpcyBpbXBsaWNpdGx5IHNlbGVjdGVkCmJ5IG90aGVyIHN5 bnRhY3RpYyBlbGVtZW50cy4KCiAgICBsZW5fb2xkMSA6Oj0gYnl0ZQogICAgICAgICAgICAgPj49 IFxsZW5ndGggPSB4MAogICAgbGVuX29sZDIgOjo9IHR3b19vY3RldAogICAgICAgICAgICAgPj49 IFxsZW5ndGggPSB4MAogICAgbGVuX29sZDQgOjo9IGZvdXJfb2N0ZXQKICAgICAgICAgICAgID4+ PSBcbGVuZ3RoID0geDAKCk5ldy1zdHlsZSBsZW5ndGhzICg0LjIuMikgaW1wbGljaXRseSBlbmNv ZGUgdGhlaXIgb3duIGxlbmd0aDoKCiAgICBsZW5fbmV3MSA6Oj0gMC4uMTkyICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIyA0LjIuMi4xCiAgICAgICAgICAgICA+Pj0gXGxl bmd0aCA9IE5hdCh4MCkKICAgIGxlbl9uZXcyIDo6PSAxOTIuLjIyMyAwLi4yNTUgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAjIDQuMi4yLjIKICAgICAgICAgICAgID4+PSBcbGVuZ3RoID0g TmF0KCh4MCAtIDE5Mik8PDggKyB4MSArIDE5MikKICAgIGxlbl9uZXc0IDo6PSAyNTUgYnl0ZSBi eXRlIGJ5dGUgYnl0ZSAgICAgICAgICAgICAgICAgICAgICAjIDQuMi4yLjMKICAgICAgICAgICAg ID4+PSBcbGVuZ3RoID0gTmF0KHgxPDwyNCArIHgyPDwxNiArIHgzPDw4ICsgeDQpCiAgICBsZW5f bmV3ICA6Oj0gKGxlbl9uZXcxIHwgbGVuX25ldzIgfCBsZW5fbmV3NCB8IGxlbl9uZXdfcGFydGlh bCkKCk5ldy1zdHlsZSBsZW5ndGhzIHdpdGggdGhlaXIgZmlyc3QgYnl0ZSBpbiAxOTIuLjIyMyBl bmNvZGUgYSAqcGFydGlhbCogYm9keQpsZW5ndGggKDQuMi4yLjQpLAoKICAgIGxldCBwYXJ0aWFs X2xlbmd0aCB4ID0gTmF0KDEgPDwgKHgmMHgxZikpCgp3aGljaCwgYnkgZGVmaW5pdGlvbiwgaXMg aW4gezJebiA6IG4gL2luIDAuLjMwLiBPdGhlciBzZW1hbnRpYwpjb25kaXRpb25zIGFwcGx5OgoK ICAgICBwYWNrZXRfYm9keSA8PD0gbmlsCiAgICAgbGVuX25ld19wYXJ0aWFsIDo6PSAyMjQuLjI1 NCBieXRlc1tsZW5ndGhdIGxlbl9uZXcKICAgICAgICAgICAgICAgICAgICAgPj49IFxsZW5ndGgg PSBwYXJ0aWFsX2xlbmd0aCh4MCkKICAgICAgICAgcGFja2V0X2JvZHkgPDw9IHBhY2tldF9ib2R5 ICsrIHgxCgpPdGhlciBjb21tb24gdHlwZXMKLS0tLS0tLS0tLS0tLS0tLS0tCgpTb21lIG90aGVy IGNvbW1vbmx5IHVzZWQgdHlwZXM6CgogICAgc2hhMV9oYXNoICAgOjo9IGJ5dGVbMjBdCiAgICBm aW5nZXJwcmludCA6Oj0gc2hhMV9oYXNoCgpBbmQgdGltZXN0YW1wcyB3aXRoIGEgcG9pbnQgYXQg aW5maW5pdHk6CgogICAgVGltZSA6IChOYXQrSW5mKQogICAgdGltZXN0YW1wICAgOjo9IGZvdXJf b2N0ZXQ6VGltZQogICAgdGltZXN0YW1wb3JpbmYgOjo9IHRpbWVzdGFtcAogICAgICAgICAgICAg ICAgICAgPj49IFx4ID0gSUYgeDAgPT0gMCBUSEVOIEluZjpUaW1lIEVMU0UgeDAKCiMgRWxsaXB0 aWMgY3VydmUgY3J5cHRvZ3JhcGh5IGRlZmluaXRpb25zCgojIyMgQ3VydmUgT0lEcwoKUkZDIDY2 Mzcgcy4gMTE6CgogICAgY3VydmVfb2lkX3AyNTYgOjo9IDB4MDggMHgyYSAweDg2IDB4NDggMHhj ZSAweDNkIDB4MDMgMHgwMSAweDA3CiAgICBjdXJ2ZV9vaWRfcDM4NCA6Oj0gMHgwNSAweDJiIDB4 ODEgMHgwNCAweDAwIDB4MjIKICAgIGN1cnZlX29pZF9wNTIxIDo6PSAweDA1IDB4MmIgMHg4MSAw eDA0IDB4MDAgMHgyMwoKICAgIGVjX2N1cnZlX29pZCAgIDo6PSBjdXJ2ZV9vaWRfcDI1NiB8IGN1 cnZlX29pZF9wMzg0IHwgY3VydmVfb2lkX3A1MjEKCiMjIyBBbGdvcml0aG0gbGltaXRhdGlvbnMK ClJGQyA2NjM3IHMuIDExLTEzOiBTSEEyIGlzIHRoZSBvbmx5IHBlcm1pdHRlZCBoYXNoIGFsZ29y aXRobSBmb3IgdGhlCkVDREggS0RGLCBhbmQgZm9yIEVDRFNBIGhhc2hlcy10by1zaWduOgoKICAg IGVjX2hhc2hfYWxnbyAgOjo9IGhhc2hfYWxnb19zaGEyCgpGb3IgRUNESDoKCiAgICBlY2RoX2tl a19hbGdvICAgOjo9IHN5bW1fYWxnb19hZXMKICAgIGVjZGhfa2RmX3BhcmFtcyA6Oj0gZWNkaF9r ZGZfYWxnbzplY19oYXNoX2FsZ28gZWNkaF9rZWtfYWxnbwoKCiMgUGFja2V0IHRhZ3MKClJGQyA0 ODgwIHMuIDQuMi4wLgoKIyMgUFRhZyBiaXQtbGV2ZWwgZGlhZ3JhbQoKICAgICAgICAgID09PT09 PT09PT09PT09PT09IG9sZC1mb3JtYXQKICAgICAgICAgIDEgMD09PT09PT09PT09PT09PT09PT09 PT09PT0KICAgICAgICAgIHwgfCAtLS0tLS0tLS0tLS0tIHBhY2tldCB0YWcKICAgICAgICAgIHwg fCB8IHwgfCB8IC0tLS0tIGxlbmd0aCB0eXBlCiAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAg ICBQVGFnIHw3IDYgNSA0IDMgMiAxIDB8CiAgICAgICAgICstLS0tLS0tLS0tLS0tLS0rCiAgICAg ICAgICB8IHwgfCB8IHwgfCB8IHwKICAgICAgICAgIHwgfCAtLS0tLS0tLS0tLS0tIHBhY2tldCB0 YWcKICAgICAgICAgIDEgMSA9PT09PT09PT09PT09PT09PT09PT09PT0KICAgICAgICAgID09PT09 PT09PT09PT09PT09IG5ldy1mb3JtYXQKCiMjIFNwZWNpYWwgcGFja2V0IHRhZyB0eXBlcwoKV2Ug ZGVmaW5lIHR3byB0eXBlcyB0byByZXByZXNlbnQgcGFja2V0cyB3aG9zZSBjb250ZW50cyBhcmUg b3BhcXVlOgoKICAgICMgQW4gb3BhcXVlLCBwb3NzaWJseSB2YWxpZCBwcml2YXRlIHBhY2tldCBi b2R5CiAgICBwcml2YXRlX2JvZHkgOjo9IGJ5dGVzW2xlbmd0aF0KCiAgICAjIEFuIG9wYXF1ZSwg aW52YWxpZCBwYWNrZXQgYm9keQogICAgaW52YWxpZF9wYWNrZXRfYm9keSA6Oj0gYnl0ZXNbbGVu Z3RoXQoKVGhlIGludmFsaWQgcGFja2V0IGJvZHkgdHlwZSBpcyB1c2VkIHRvIHJlY292ZXIgcGFy c2luZyBmcm9tIGFuIGludmFsaWQKcGFja2V0OyB0aGlzIGlzIG5lZWRlZCB0byByZXBsaWNhdGUg dGhlIGJlaGF2aW9yIG9mIHR5cGljYWwgT3BlblBHUAppbXBsZW1lbnRhdGlvbnMuCgojIyBPbGQt IG9yIG5ldy1mb3JtYXQgdGFnIHR5cGVzICh0eXBlIDwgMTYpCgpBbGwgNC1iaXQgdGFnIHR5cGVz LCBvbGQtIG9yIG5ldy1mb3JtYXQgUFRhZ3M6CgogICAgcHJpdmF0ZTAgOjo9XAogICAgICAoICAw eDAwIGxlbl9vbGQxIHwgMHgwMSBsZW5fb2xkMiB8IDB4MDIgbGVuX29sZDQgfCAweGMwIGxlbl9u ZXcpCiAgICAgIChwcml2YXRlX2JvZHkgfCBpbnZhbGlkX3RhZ19ib2R5KQogICAgcGtlc2sgOjo9 XAogICAgICAoICAweDA0IGxlbl9vbGQxIHwgMHgwNSBsZW5fb2xkMiB8IDB4MDYgbGVuX29sZDQg fCAweGMxIGxlbl9uZXcpCiAgICAgIChwa2Vza19ib2R5IHwgaW52YWxpZF90YWdfYm9keSkKICAg IHNpZyA6Oj1cCiAgICAgICggIDB4MDggbGVuX29sZDEgfCAweDA5IGxlbl9vbGQyIHwgMHgwYSBs ZW5fb2xkNCB8IDB4YzIgbGVuX25ldykKICAgICAgKHNpZ19ib2R5IHwgaW52YWxpZF90YWdfYm9k eSkKICAgIHNrZXNrIDo6PVwKICAgICAgKCAgMHgwYyBsZW5fb2xkMSB8IDB4MGQgbGVuX29sZDIg fCAweDBlIGxlbl9vbGQ0IHwgMHhjMyBsZW5fbmV3KQogICAgICAoc2tlc2tfYm9keSB8IGludmFs aWRfdGFnX2JvZHkpCiAgICBvbmVwYXNzX3NpZyA6Oj1cCiAgICAgICggIDB4MTAgbGVuX29sZDEg fCAweDExIGxlbl9vbGQyIHwgMHgxMiBsZW5fb2xkNCB8IDB4YzQgbGVuX25ldykKICAgICAgKG9u ZXBhc3Nfc2lnX2JvZHkgfCBpbnZhbGlkX3RhZ19ib2R5KQogICAgc2VjcmV0a2V5IDo6PVwKICAg ICAgKCAgMHgxNCBsZW5fb2xkMSB8IDB4MTUgbGVuX29sZDIgfCAweDE2IGxlbl9vbGQ0IHwgMHhj NSBsZW5fbmV3KQogICAgICAoc2VjcmV0a2V5X2JvZHkgfCBpbnZhbGlkX3RhZ19ib2R5KQogICAg cHVibGlja2V5IDo6PVwKICAgICAgKCAgMHgxOCBsZW5fb2xkMSB8IDB4MTkgbGVuX29sZDIgfCAw eDFhIGxlbl9vbGQ0IHwgMHhjNiBsZW5fbmV3KQogICAgICAocHVibGlja2V5X2JvZHkgfCBpbnZh bGlkX3RhZ19ib2R5KQogICAgc2VjcmV0c3Via2V5IDo6PVwKICAgICAgKCAgMHgxYyBsZW5fb2xk MSB8IDB4MWQgbGVuX29sZDIgfCAweDFlIGxlbl9vbGQ0IHwgMHhjNyBsZW5fbmV3KQogICAgICAo c2VjcmV0c3Via2V5X2JvZHkgfCBpbnZhbGlkX3RhZ19ib2R5KQogICAgY29tcHJlc3NlZCA6Oj1c CiAgICAgICggIDB4MjAgbGVuX29sZDEgfCAweDIxIGxlbl9vbGQyIHwgMHgyMiBsZW5fb2xkNCB8 IDB4YzggbGVuX25ldykKICAgICAgKGNvbXByZXNzZWRfYm9keSB8IGludmFsaWRfdGFnX2JvZHkp CiAgICBzZWRwIDo6PVwKICAgICAgKCAgMHgyNCBsZW5fb2xkMSB8IDB4MjUgbGVuX29sZDIgfCAw eDI2IGxlbl9vbGQ0IHwgMHhjOSBsZW5fbmV3KQogICAgICAoc2VkcF9ib2R5IHwgaW52YWxpZF90 YWdfYm9keSkKICAgIG1hcmtlciA6Oj1cCiAgICAgICggIDB4MjggbGVuX29sZDEgfCAweDI5IGxl bl9vbGQyIHwgMHgyYSBsZW5fb2xkNCB8IDB4Y2EgbGVuX25ldykKICAgICAgKG1hcmtlcl9ib2R5 IHwgaW52YWxpZF90YWdfYm9keSkKICAgIGxpdGVyYWwgOjo9XAogICAgICAoICAweDJjIGxlbl9v bGQxIHwgMHgyZCBsZW5fb2xkMiB8IDB4MmUgbGVuX29sZDQgfCAweGNiIGxlbl9uZXcpCiAgICAg IChsaXRlcmFsX2JvZHkgfCBpbnZhbGlkX3RhZ19ib2R5KQogICAgdHJ1c3QgOjo9XAogICAgICAo ICAweDMwIGxlbl9vbGQxIHwgMHgzMSBsZW5fb2xkMiB8IDB4MzIgbGVuX29sZDQgfCAweGNjIGxl bl9uZXcpCiAgICAgICh0cnVzdF9ib2R5IHwgaW52YWxpZF90YWdfYm9keSkKICAgIHVzZXJpZCA6 Oj1cCiAgICAgICggIDB4MzQgbGVuX29sZDEgfCAweDM1IGxlbl9vbGQyIHwgMHgzNiBsZW5fb2xk NCB8IDB4Y2QgbGVuX25ldykKICAgICAgKHVzZXJpZF9ib2R5IHwgaW52YWxpZF90YWdfYm9keSkK ICAgIHB1YmxpY3N1YmtleSA6Oj1cCiAgICAgICggIDB4MzggbGVuX29sZDEgfCAweDM5IGxlbl9v bGQyIHwgMHgzYSBsZW5fb2xkNCB8IDB4Y2UgbGVuX25ldykKICAgICAgKHB1YmxpY3N1YmtleV9i b2R5IHwgaW52YWxpZF90YWdfYm9keSkKICAgIHByaXZhdGUxNSA6Oj1cCiAgICAgICggIDB4M2Mg bGVuX29sZDEgfCAweDNkIGxlbl9vbGQyIHwgMHgzZSBsZW5fb2xkNCB8IDB4Y2YgbGVuX25ldykK ICAgICAgKHByaXZhdGVfYm9keSB8IGludmFsaWRfdGFnX2JvZHkpCgojIyBOZXctZm9ybWF0IHRh ZyB0eXBlcyAodHlwZSA+IDE1KQoKQWxsIDYtYml0IHRhZyB0eXBlcyA+IDE1IDwgMjQsIG5ldy1m b3JtYXQgUFRhZ3Mgb25seToKCiAgICBwcml2YXRlMTYgOjo9XAogICAgICAweGQwIGxlbl9uZXcg KHByaXZhdGVfYm9keSB8IGludmFsaWRfdGFnX2JvZHkpCiAgICB1c2VyYXR0cmliIDo6PVwKICAg ICAgMHhkMSBsZW5fbmV3ICh1c2VyYXR0cmliX2JvZHkgfCBpbnZhbGlkX3RhZ19ib2R5KQogICAg c2VpcGQgOjo9XAogICAgICAweGQyIGxlbl9uZXcgKHNlaXBkX2JvZHkgfCBpbnZhbGlkX3RhZ19i b2R5KQogICAgbWRjIDo6PVwKICAgICAgMHhkMyBsZW5fbmV3IChtZGNfYm9keSB8IGludmFsaWRf dGFnX2JvZHkpCiAgICBwcml2YXRlMjAgOjo9XAogICAgICAweGQ0IGxlbl9uZXcgKHByaXZhdGVf Ym9keSB8IGludmFsaWRfdGFnX2JvZHkpCiAgICBwcml2YXRlMjEgOjo9XAogICAgICAweGQ1IGxl bl9uZXcgKHByaXZhdGVfYm9keSB8IGludmFsaWRfdGFnX2JvZHkpCiAgICBwcml2YXRlMjIgOjo9 XAogICAgICAweGQ2IGxlbl9uZXcgKHByaXZhdGVfYm9keSB8IGludmFsaWRfdGFnX2JvZHkpCiAg ICBwcml2YXRlMjMgOjo9XAogICAgICAweGQ3IGxlbl9uZXcgKHByaXZhdGVfYm9keSB8IGludmFs aWRfdGFnX2JvZHkpCgojIEFsZ29yaXRobXMKCgojIyBQdWJsaWMta2V5IGFsZ29yaXRobXMKClJG QyA0ODgwIHMuIDkuMS4KCiMjIyBQcmltZS1iYXNlZCBjcnlwdG8KCiMjIyMgUlNBCgogICAgIyBS U0EKICAgIFJTQV9FUyAgICAgICAgICAgICA6Oj0gMQogICAgYWxnb19yc2FfZW5jICAgICAgIDo6 PSBSU0FfRT0yIHwgUlNBX0VTCiAgICBhbGdvX3JzYV9zaWcgICAgICAgOjo9IFJTQV9TPTMgfCBS U0FfRVMKCiAgICAjIFJTQSBwcmVkaWNhdGVzCiAgICBsZXQgXGlzX3JzYWUgeCAgICAgICA9ICh4 ID09IDIgfHwgeCA9PSAxKQogICAgbGV0IFxpc19yc2FzIHggICAgICAgPSAoeCA9PSAzIHx8IHgg PT0gMSkKICAgIGxldCBcaXNfcnNhICB4ICAgICAgID0gKHggXGluIHsxLDIsM30pCgojIyMjIE90 aGVyIHByaW1lLWJhc2VkIGNyeXB0bwoKVE9ETyhkbGcpOiBQUyB1c2Ugb2YgWDkuNDIgREg/Cgog ICAgYWxnb19lbGdfZXMgICAgICAgIDo6PSBFTEdfRVM9MjAKICAgIGFsZ29fZWxnX2VuYyAgICAg ICA6Oj0gRUxHX0U9MTYKICAgIGFsZ29fZGh4OTQyX2VuYyAgICA6Oj0gREhfWDk0Mj0yMQoKICAg ICMgUHJpbWUtYmFzZWQgZW5jcnlwdGlvbgogICAgYWxnb19wcmltZV9lbmMgICAgIDo6PSBhbGdv X2VsZ19lbmMgfCBhbGdvX3JzYV9lbmMgfCBhbGdvX2RoeDk0Ml9lbmMKCiAgICAjIFByaW1lLWJh c2VkIHNpZ25hdHVyZXMKICAgIGFsZ29fcHJpbWVfc2lnICAgICA6Oj0gYWxnb19yc2Ffc2lnIHwg YWxnb19kc2EgfCBhbGdvX2VsZ19lcwoKIyMjIyBQcmltZS1iYXNlZCBjcnlwdG8gc3RhdHVzIHBy ZWRpY2F0ZQoKVGhlIHN0YXR1cyBvZiBwcmltZS1iYXNlZC1jcnlwdG8gYWxnb3JpdGhtcywgYWNj b3JkaW5nIHRvIFJGQzQ4ODA6CgogICAgbGV0IFxhbGdvX3N0YXR1cyB4ID0gQ0FTRSBESF9YOTQy IFRIRU4gInJlc2VydmVkIgogICAgICAgICAgICAgICAgICAgICAgICAgQ0FTRSBFTEdfRVMgIFRI RU4gImZvcm1lcmx5IgogICAgICAgICAgICAgICAgICAgICAgICAgQ0FTRSBSU0FfRVMgIFRIRU4g ImRlcHJlY2F0ZWQiCgojIyMgRWxsaXB0aWMtY3VydmUgY3J5cHRvCgpUaGUgRUMgYWxnb3JpdGht cyBkZWZpbmVkIGJ5IFJGQyA2NjM3IHMuIDU6CgogICAgYWxnb19lY2RoICAgICAgICAgIDo6PSBF Q0RIPTE4CiAgICBhbGdvX2VjZHNhICAgICAgICAgOjo9IEVDRFNBPTE5CgojIyMgVW5zcGVjaWZp ZWQgY3J5cHRvIGFsZ29yaXRobXMKCiAgICBQS19FWFBFUklNRU5UQUwgPSAxMDAuLjExMAogICAg UEtfVU5LTk9XTiAgICAgID0gNC4uMTUgfCAyMi4uOTkgfCAxMTEuLjI1NQoKICAgIGxldCBcYWxn b19wa19zaG91bGRudF9wcm9jZXNzIHggPSAoICAgeCBcaW4gUEtfRVhQRVJJTUVOVEFMCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHx8IHggXGluIFBLX1VOS05PV04KICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfHwgeCA9PSBFTEdfRVMpCgojIyBT eW1tZXRyaWMta2V5IGFsZ29yaXRobXMKClRoZSBzeW1tZXRyaWMta2V5IGVuY3J5cHRpb24gYWxn b3JpdGhtcyBkZWZpbmVkIGluIFJGQyA0ODgwIHMuIDkuMSwKZXh0ZW5kZWQgYnkgUkZDIDU1ODEu CgogICAgYWxnb19zeW1tICAgICAgICAgICA6Oj0gYWxnb19zeW1tX21vZGVybiB8IGFsZ29fc3lt bV9vbGQgfCBhbGdvX3N5bW1fb3RoZXIKClRoZSAicGxhaW50ZXh0IiBhbGdvcml0aG0sIGFsc28g a25vd24gYXMgKFxyb3QxMyleMjoKCiAgICBhbGdvX3N5bW1fcGxhaW50ZXh0IDo6PSBQTEFJTlRF WFQ9MAoKQUVTIGhhcyB0byBiZSBicm9rZW4gb3V0IGZyb20gb3RoZXIgYWxnb3JpdGhtcyB0byBz dXBwb3J0IFJGQyA2NjM3J3MKY29uc3RyYWludHMgb24gS0VLIGFsZ29yaXRobToKCiAgICAjIEFs Z29yaXRobXMgd2l0aCA8IDEyOC1iaXQgc2VjdXJpdHkgc3RyZW5ndGgKICAgIGFsZ29fc3ltbV9v bGQgICAgICAgOjo9IElERUE9MSB8IFRERVM9MiB8IENBU1Q1PTMgfCBCTE9XRklTSD00CiAgICAj IEFkdmFuY2VkIEVuY3J5cHRpb24gU3RhbmRhcmQKICAgIGFsZ29fc3ltbV9hZXMgICAgICAgOjo9 IEFFUzEyOD03IHwgQUVTMTkyPTggfCBBRVMyNTY9OQoKUkZDIDU1ODEncyBleHRlbnNpb24gdG8g YWRkIENhbWVsbGlhOgoKICAgIGFsZ29fc3ltbV9jYW1lbGxpYSAgOjo9IENBTUVMTElBMTI4PTEx IHwgQ0FNRUxMSUExOTI9MTIgfCBDQU1FTExJQTI1Nj0xMwoKV2UgYWxzbyBkZWZpbmUgYSBzZXQg b2YgbW9kZXJuKC1pc2gpIGNyeXB0byBhbGdvcml0aG1zOgoKICAgICMgQWxnb3JpdGhtcyB3aXRo ID49IDEyOC1iaXQgc2VjdXJpdHkgc3RyZW5ndGgsIG5vIHdlYWsga2V5cwogICAgYWxnb19zeW1t X21vZGVybiAgICA6Oj0gKCAgYWxnb19zeW1tX2FlcwogICAgICAgICAgICAgICAgICAgICAgICAg ICAgIHwgVFdPRklTSD0xMAogICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgYWxnb19zeW1t X2NhbWVsbGlhICkKCiMjIyBVbnNwZWNpZmllZCBzeW1tZXRyaWMgY3J5cHRvIGFsZ29yaXRobXMK CldlIGRpZmZlcmVudGlhdGUgcmVzZXJ2ZWQsIHByaXZhdGUsIGFuZCB1bmRlZmluZWQgY3J5cHRv IGFsZ29yaXRobQpudW1iZXJzOgoKICAgIFNZTU1fUkVTRVJWRUQgICAgICAgOjo9IDUuLjYKICAg IFNZTU1fUFJJVkFURSAgICAgICAgOjo9IDEwMC4uMTA5CiAgICBTWU1NX1VOREVGSU5FRCAgICAg IDo6PSAxNC4uOTkgfCAxMTEuLjI1NQogICAgYWxnb19zeW1tX290aGVyICAgICA6Oj0gU1lNTV9S RVNFUlZFRCB8IFNZTU1fUFJJVkFURSB8IFNZTU1fVU5ERUZJTkVECgogCiMjIEhhc2ggYWxnb3Jp dGhtcwoKICAgIGFsZ29faGFzaCAgICAgICAgICA6Oj0gIGFsZ29faGFzaF9vbGQKICAgICAgICAg ICAgICAgICAgICAgICAgICB8IGFsZ29faGFzaF9zaGExCiAgICAgICAgICAgICAgICAgICAgICAg ICAgfCBhbGdvX2hhc2hfc2hhMgogICAgICAgICAgICAgICAgICAgICAgICAgIHwgYWxnb19oYXNo X290aGVyCgojIyMgSGFzaCBhbGdvcml0aG1zLCBvbGRlc3QKCiAgICBhbGdvX2hhc2hfb2xkICAg ICAgOjo9IE1ENT0xIHwgUklQRU1EMTYwPTMKICAgIGFsZ29faGFzaF9zaGExICAgICA6Oj0gU0hB MT0yCgoKIyMjIEhhc2ggYWxnb3JpdGhtcywgU0hBLTIKClNIQTItNTEyLzM4NCBpcyBicm9rZW4g b3V0IHNlcGFyYXRlbHk7IGl0cyB1c2UgaXMgcmVxdWlyZWQgZm9yIHRoZSBSRkMgNjYzNwpzLiAx Mi4yLjEgcHJvZmlsZS4KCiAgICBhbGdvX2hhc2hfc2hhMl81MTIgOjo9IFNIQTJfMzg0PTkgfCBT SEEyXzUxMj0xMAogICAgYWxnb19oYXNoX3NoYTIgICAgIDo6PSBTSEEyXzIyND0xMSB8IFNIQTJf MjU2PTggfCBhbGdvX2hhc2hfc2hhMl81MTIKCiMjIyBVbnNwZWNpZmllZCBoYXNoIGFsZ29yaXRo bXMKCiAgICBIQVNIX1JFU0VSVkVEICAgICAgOjo9IDQuLjcKICAgIEhBU0hfUFJJVkFURSAgICAg ICA6Oj0gMTAwLi4xMTAKICAgIEhBU0hfVU5ERUZJTkVEICAgICA6Oj0gMTExLi4yNTUKICAgIGFs Z29faGFzaF9vdGhlciAgICA6Oj0gSEFTSF9SRVNFUlZFRCB8IEhBU0hfUFJJVkFURSB8IEhBU0hf VU5ERUZJTkVECgoKIyMgU3RyaW5nLXRvLWtleSAoUzJLKSBzcGVjaWZpZXJzCgpTdHJpbmctdG8t a2V5IChTMkspIHNwZWNpZmllcnMgYXJlIHVzZWQgdG8gY29tYmluZSBhICJwYXNzd29yZCIgYW5k LApvcHRpb25hbGx5LCBzYWx0IGludG8gYSBzeW1tZXRyaWMgZW5jcnlwdGlvbiBrZXkuIFRoZSBz cGVjaWZpZXIgZm9ybWF0CmlzIGRlZmluZWQgYnkgUkZDIDQ4ODAgcy4gMy43LjEuCgojIyMgQ29t bW9uIGRlZmluaXRpb25zCgpJZiBzYWx0IGlzIHVzZWQsIGl0IGlzIGFsd2F5cyA4IGJ5dGVzIGxv bmc6CgogICBzMmtfc2FsdCAgICAgICAgICA6Oj0gYnl0ZXNbOF0KCiMjIyBTMksgc3BlY2lmaWVy IHR5cGVzCgpTMksgKnNwZWNpZmllcnMqIHNob3VsZCBub3QgYmUgY29uZnVzZWQgd2l0aCBTMksg KmNvbnZlbnRpb25zKjsgYW4gUzJLCmNvbnZlbnRpb24gY29udGFpbnMgYW4gUzJLIHNwZWNpZmll ci4KCiMjIyMgVW5kZWZpbmVkIFMySyBzcGVjaWZpZXJzCgpCZWNhdXNlIHRoZSBsZW5ndGggb2Yg YW4gUzJLIHNwZWNpZmllciBpcyBkZXRlcm1pbmVkIGJ5IGl0cyBkZWZpbml0aW9uLAp1bmRlZmlu ZWQgUzJLIHNwZWNpZmllcnMgcmVzdWx0IGluIHRoZSByZW1haW5kZXIgb2YgdGhlIHBhY2tldCBi ZWNvbWluZwp1bnBhcnNlYWJsZS4KCiAgICBzMmtfZXJyb3IgICAgICAgICA6Oj0gKDIgfCA0Li4y NTUpIGVycm9yCgojIyMjIFNpbXBsZSBTMksKClNpbXBsZSBTMksgc3BlY2lmaWVycyAoMy43LjEu MSk6CgogICAgczJrX3NpbXBsZSAgICAgICAgOjo9IFMyS19TSU1QTEU9MHgwMCAgIGhhc2hfYWxn bwoKIyMjIyBTYWx0ZWQgUzJLCgpTYWx0ZWQgUzJLcyBzcGVjaWZpZXJzICgzLjcuMS4yKToKCiAg ICBzMmtfc2FsdGVkICAgICAgICA6Oj0gUzJLX1NBTFRFRD0weDAxICAgaGFzaF9hbGdvIHMya19z YWx0CgojIyMjIEl0ZXJhdGVkIGFuZCBzYWx0ZWQgUzJLCgpJdGVyYXRlZCBhbmQgc2FsdGVkIFMy SyBzcGVjaWZpZXJzIGFyZSBkZWZpbmVkIGJ5IFJGQyA0NDgwIHMuIDMuNy4xLjMuCgpBIGhlbHBl ciBmdW5jdGlvbiB0byBkZWNvZGUgdGhlIGVuY29kZWQgYnl0ZWNvdW50IG9mIGhhc2hlZCBtYXRl cmlhbCwKCiAgICBcZGVjb2RlX3Mya19jIDogTmF0IC0+IChOYXQgLT4gTmF0KQogICAgbGV0IFxk ZWNvZGVfczJrX2MgYyA9CiAgICAgIGxldCBcYnl0ZWNvdW50IHBhc3NsZW4gPQogICAgICAgIG1h eChwYXNzbGVuICsgc2FsdGxlbj04LAogICAgICAgICAgICAoMTYgKyAoYyYxNSkpIDw8ICgoYz4+ NCkgKyA2KSkKCmFuZCB0aGUgc3BlY2lmaWVyIGRlZmluaXRpb246CgogICAgczJrX2l0ZXJhdGVk ICAgICAgOjo9IFMyS19JVEVSQVRFRD0weDAzCiAgICAgICAgICAgICAgICAgICAgICAgICAgaGFz aF9hbGdvCiAgICAgICAgICAgICAgICAgICAgICAgICAgczJrX3NhbHQKICAgICAgICAgICAgICAg ICAgICAgICAgICBzMmtfZW5jb2RlZF9jb3VudAoKIyMjIEVDIHByaXZhdGUga2V5IFMySyBzcGVj aWZpZXJzCgpSRkMgNjYzNyByZXF1aXJlcyB0aGF0LCB3aGVuIHVzZWQgZm9yIHByb3RlY3Rpbmcg YSBwcml2YXRlIEVDIGtleSwgb25seQp0aGUgSSZTIFMySyBzcGVjaWZpZXJzIGFyZSB1c2VkOgoK ICAgICMgUkZDIDY2Mzcgcy4gMTMKICAgIHMya19lYyAgICAgICAgICAgOjo9IHMya19pdGVyYXRl ZAoKU2luY2UgU0hBMSBvbmx5IHByb3ZpZGVzIDE4MC1iaXRzIG9mIG91dHB1dCwgaXQgaXMgaW1w b3NzaWJsZSB0byBhY2hpZXZlCnRoZSAxOTItYml0IHNlY3VyaXR5IHN0cmVuZ3RoIHJlcXVpcmVk IGJ5IFJGQyA2NjM3IHMuIDEyLjIuMSB1c2luZyBpdDoKCiAgICAjIFJGQyA2NjM3IHMuIDEyLjIu MQogICAgczJrX2VjXzE5MmIgICAgICAgOjo9IFMyS19JVEVSQVRFRD0weDAzCiAgICAgICAgICAg ICAgICAgICAgICAgICAgaGFzaF9hbGdvX3NoYTJfNTEyCiAgICAgICAgICAgICAgICAgICAgICAg ICAgczJrX3NhbHQKICAgICAgICAgICAgICAgICAgICAgICAgICBzMmtfZW5jb2RlZF9jb3VudAoK UkZDIDY2MzcgYXBwYXJlbnRseSBkb2VzIG5vdCBmb3JiaWQgdGhlIHVzZSBvZiBTSEExIGFzIHRo ZSBTMksgaGFzaCBmdW5jdGlvbjsKYnV0IGl0IGRvc24ndCBzdGF0ZSB0aGF0IGl0IG1heSBiZSB1 c2VkLCBlaXRoZXIuIFFRUVE6IHNoYTIgYWNjZXB0YWJsZT8KCgojIyMgUzJLIHNwZWNpZmllcnMs IGdlbmVyYWxseQoKICAgIHMya19yZmM0ODgwICAgICAgIDo6PSBzMmtfc2ltcGxlIHwgczJrX3Nh bHRlZCB8IHMya19pdGVyYXRlZCB8IHMya19lcnJvcgoKCgojIFBhY2tldCBib2RpZXMKCiMjIFRh ZyAxOiBQdWJsaWMta2V5IGVuY3J5cHRlZCBzZXNzaW9uIGtleQoKUkZDIDQ4ODAgcy4gNS4xOgoK IyMjIFByaW1lIGJhc2VkIGNyeXB0bwoKICAgICMgUlNBLUUvUlNBLUVTCiAgICBwa2Vza19yc2Ff YXNmICAgICAgICAgOjo9IGFsZ29fcnNhX2VuYyByc2FfbWVtb2RuOm1waQogICAgIyBFTEctRQog ICAgcGtlc2tfZWxnZV9hc2YgICAgICAgIDo6PSBhbGdvX2VsZ19lbmMgZWxnZV9na21vZHA6bXBp IGVsZ2VfbXlrbW9kcDptcGkKICAgICMgWDk0MkRICiAgICAjIFRPRE8KCiMjIyBFbGxpcHRpYyBj dXJ2ZSBjcnlwdG8KClJGQyA2NjM3IHMuIDg6CgogICAgcGtlc2tfZWNkaF93cmFwcGVka2V5IDo6 PSB3cmFwcGVka2V5bGVuOjMyLi4yNTQgYnl0ZXNbd3JhcHBlZGtleWxlbl0KICAgIHBrZXNrX2Vj ZGhfYXNmICAgICAgICA6Oj0gZWNfZXBoZW1fcHVia2V5Om1waSBwa2Vza19lY2RoX3dyYXBwZWRr ZXkKCiMjIyBQdWJsaWMta2V5IGVuY3J5cHRlZCBzZXNzaW9uIGtleQoKICAgIHBrZXNrX3YgICAg ICAgICAgICAgICA6Oj0gMwogICAgcGtlc2tfYXNmICAgICAgICAgICAgIDo6PSAocGtlc2tfZWxn ZV9hc2YgfCBwa2Vza19yc2FfYXNmIHwgcGtlc2tfZWNkaF9hc2YpCiAgICBwa2Vza19ib2R5ICAg ICAgICAgICAgOjo9IHBrZXNrX3Yga2V5aWQgcGtlc2tfYXNmCgoKIyMgVGFnIDI6IFNpZ25hdHVy ZSAodGFnIDIpCgpSRkMgNDg4MCBzLiA1LjIuMQoKIyMjIENvbW1vbiBkZWZpbml0aW9ucwoKU29t ZSBkZWZpbml0aW9ucyBjb21tb24gdG8gYWxsIHNpZ25hdHVyZSBmb3JtYXRzOgoKICAgIHNpZ19j cmVhdGlvbl90aW1lICA6Oj0gdGltZXN0YW1wCiAgICBzaWdfc2lnbmVyX2tleWlkICAgOjo9IGtl eWlkCgpUaGUgbGVmdCAxNi1iaXRzIG9mIHRoZSBzaWduZWQgaGFzaDoKCiAgICBzaWdfbGVmdDIg ICAgICAgICAgOjo9IGJ5dGUgYnl0ZQoKIyMjIFNpZ25hdHVyZSB0eXBlcwoKUkZDIDQ4ODAgZGVm aW5lcyBhIGxpbWl0ZWQgbnVtYmVyIG9mIHNpZ25hdHVyZSB0eXBlczoKCiAgICBTSUdfVjMgOjo9 ICggIFNJR19CSU5BUlkgICAgICAgICA9IDB4MDAKICAgICAgICAgICAgICAgIHwgU0lHX1RFWFQg ICAgICAgICAgID0gMHgwMQogICAgICAgICAgICAgICAgfCBTSUdfR0VORVJJQyAgICAgICAgPSAw eDEwCiAgICAgICAgICAgICAgICB8IFNJR19QRVJTT05BICAgICAgICA9IDB4MTEKICAgICAgICAg ICAgICAgIHwgU0lHX0NBU1VBTCAgICAgICAgID0gMHgxMgogICAgICAgICAgICAgICAgfCBTSUdf UE9TSVRJVkUgICAgICAgPSAweDEzCiAgICAgICAgICAgICAgICB8IFNJR19TVUJLRVlCSU5EICAg ICA9IDB4MTgKICAgICAgICAgICAgICAgIHwgU0lHX1BSSU1BUllLRVlCSU5EID0gMHgxOQogICAg ICAgICAgICAgICAgfCBTSUdfS0VZICAgICAgICAgICAgPSAweDFmCiAgICAgICAgICAgICAgICB8 IFNJR19SRVZPS0UgICAgICAgICA9IDB4MjAKICAgICAgICAgICAgICAgIHwgU0lHX1NVQktFWVJF Vk9LRSAgID0gMHgyOAogICAgICAgICAgICAgICAgfCBTSUdfQ0VSVFJFVk9LRSAgICAgPSAweDMw CiAgICAgICAgICAgICAgICB8IFNJR19USU1FU1RBTVAgICAgICA9IDB4NDAKICAgICAgICAgICAg ICAgIHwgU0lHX1RISVJEUEFSVFkgICAgID0gMHg1MCApCiAgICBTSUdfVjQgOjo9IFNJR19WMyB8 IFNJR19TVEFOREFMT05FPTB4MDIKCiAgICBzaWdfZXJyX3YzICAgICAgICAgOjo9IHtTSUdfVjR9 L3tTSUdfVjN9IGVycm9yCiAgICBzaWdfdHlwZV92MyAgICAgICAgOjo9IFNJR19WMyB8IHNpZ190 eXBlX3Vua25vd24gfCBzaWdfdHlwZV9lcnJfdjMKICAgIHNpZ190eXBlX3Y0ICAgICAgICA6Oj0g U0lHX1Y0IHwgc2lnX3R5cGVfdW5rbm93bgogICAgc2lnX3R5cGVfdW5rbm93biAgIDo6PSAoMHgw My4uMHgwOSB8IDB4MTQuLjB4MTcgfCAweDFhLi4weDFlIHwgMHgyMS4uMHgyNwogICAgICAgICAg ICAgICAgICAgICAgICAgICAgfCAweDI5IHwgMHgzMS4uMHgzOSB8IDB4NDEuLjB4NDkgfCAweDUx Li4weGZmKQoKUVFRUTogU2hvdWxkIGFuIHVua25vd24gc2lnbmF0dXJlIHR5cGUgcHJvZHVjZSBh biBlcnJvciBoZXJlPwoKIyMjIEFsZ29yaXRobSBzcGVjaWZpYyBmaWVsZHMKCiMjIyMgUHJpbWUt YmFzZWQgY3J5cHRvIGFsZ29yaXRobS1zcGVjaWZpYyBmaWVsZHMKClJGQyA0ODgwIHMuIDUuMi4y OgoKICAgICMgUlNBLVMvUlNBLUVTCiAgICBzaWdfYXNmX3JzYSAgICAgICAgOjo9ICYoaXNfcnNh cyBwdWJrZXlfYWxnb19yc2EpCiAgICAgICAgICAgICAgICAgICAgICAgICAgIHJzYV9tZG1vZG46 bXBpCiAgICAjIERTQQogICAgc2lnX2FzZl9kc2EgICAgICAgIDo6PSAmcHVia2V5X2FsZ289PURT QQogICAgICAgICAgICAgICAgICAgICAgICAgICBkc2FfcjptcGkKICAgICAgICAgICAgICAgICAg ICAgICAgICAgZHNhX3M6bXBpCiAgICAjIEVMRy1FUwogICAgIyBvbmx5IHZlcnNpb24gMgoKIyMj IyBFbGxpcHRpYy1jdXJ2ZSBjcnlwdG8gYWxnb3JpdGhtLXNwZWNpZmljIGZpZWxkcwoKUkZDIDY2 Mzcgcy4gMTAgKGluY29ycG9yYXRpbmcgUkZDIDQ4ODAgcy4gNS4yLjIgYnkgcmVmZXJlbmNlKToK CiAgICAjIEVDRFNBCiAgICBzaWdfYXNmX2VjZHNhICAgICAgOjo9ICZwdWJrZXlfYWxnbz09RUNE U0EgZWNkc2FfcjptcGkgZWNkc2FfczptcGkKCgojIyMgVmVyc2lvbiA0IHNpZ25hdHVyZSBzdWJw YWNrZXRzCgpWZXJzaW9uIDQgc2lnbmF0dXJlcyBjYW4gY29udGFpbiBib3RoIHNpZ25lZCBhbmQg dW5zaWduZWQgc3VicGFja2V0czoKCiAgICAjIFJGQyA0ODgwIHMuIDUuMi4zCiAgICBoYXNoZWRf c3VicGFja2V0cyAgIDo6PSBoYXNoZWRfc3VicGFja2V0bGVuOmxlbl9vbGQyCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICBieXRlc1toYXNoZWRfc3VicGFja2V0bGVuXQogICAgdW5oYXNoZWRf c3VicGFja2V0cyA6Oj0gdW5oYXNoZWRfc3VicGFja2V0bGVuOmxlbl9vbGQyCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICBieXRlc1t1bmhhc2hlZF9zdWJwYWNrZXRsZW5dCgojIyMjIFN1YnBh Y2tldCBmb3JtYXQKClJGQyA0ODgwIHMuIDUuMi4zLjEKCiAgICBsZW5fbmV3JyAgOjo9IGxlbl9u ZXcgLS0gbGVuX25ld19wYXJ0aWFsCiAgICBzdWJwYWNrZXQgOjo9IHN1YnBhY2tldF9sZW5ndGg6 bGVuX25ldycKICAgICAgICAgICAgICAgICAgc3VicGFja2V0X3R5cGUKICAgICAgICAgICAgICAg ICAgc3VicGFja2V0X2RhdGEKCiMjIyMgU3VicGFja2V0IHR5cGVzCgpSRkMgNDg4MCBzLiA1LjIu My4xOgoKICAgIHN1YnBhY2tldF90eXBlIDo6PSAgIHN1YnBhY2tldF90eXBlX3BsYWNlaG9sZAog ICAgICAgICAgICAgICAgICAgICAgIHwgc3VicGFja2V0X3R5cGVfcmVzZXJ2ZWQKICAgICAgICAg ICAgICAgICAgICAgICB8IHN1YnBhY2tldF90eXBlX3NwZWNpZmllZAogICAgICAgICAgICAgICAg ICAgICAgIHwgc3VicGFja2V0X3R5cGVfdW5kZWZpbmVkCiAgICAgICAgICAgICAgICAgICAgPj49 IFxjcml0aWNhbD0oY3JpdGJpdF9zZXQgeDApCgpBIHN1YnBhY2tldCBpcyAiY3JpdGljYWwiIGlm IGJpdCA3IGlzIHNldDoKCiAgICBsZXQgXGNyaXRiaXRfc2V0IHggPSAoNjQmeCkgPT0gNjQKClNl dmVyYWwgdHlwZXMgb2Ygc3VicGFja2V0LCBlYWNoIHdpdGggaXRzIG93biBzeW50YXgsIGFyZSBk ZWZpbmVkOgoKICAgIHN1YnBhY2tldF90eXBlX3BsYWNlaG9sZCA6Oj0gMTB8NzQKICAgIHN1YnBh Y2tldF90eXBlX3Jlc2VydmVkICA6Oj0gMC4uMXw2NC4uNjV8OHw3MnwxMy4uMTV8NzQuLjc5fDE3 Li4xOXw4MS4uODMKICAgIHN1YnBhY2tldF90eXBlX3ByaXZhdGUgICA6Oj0gMTAwLi4xMTB8MTY0 Li4xNzQKICAgIHN1YnBhY2tldF90eXBlX2RlZmluZWQgICA6Oj0gICBTUF9TSUdfQ1JFQVRJT05f VElNRSAgICAgICAgPSAoIDJ8NjYpCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwg U1BfU0lHX0VYUElSQVRJT05fVElNRSAgICAgID0gKCAzfDY3KQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICB8IFNQX0VYUE9SVEFCTEVfQ0VSVElGSUNBVElPTiA9ICggNHw2OCkKICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCBTUF9UUlVTVF9TSUdOQVRVUkUgICAgICAg ICAgPSAoIDV8NjkpCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgU1BfUkVHVUxB Ul9FWFBSRVNTSU9OICAgICAgID0gKCA2fDcwKQogICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICB8IFNQX1JFVk9DQUJMRSAgICAgICAgICAgICAgICA9ICggN3w3MSkKICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgfCBTUF9LRVlfRVhQSVJBVElPTl9USU1FICAgICAgPSAoIDl8 NzMpCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgU1BfUFJFRl9TWU1NX0FMR08g ICAgICAgICAgID0gKDExfDc1KQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8IFNQ X1BSRUZfUkVWT0NBVElPTl9LRVkgICAgICA9ICgxMnw3NikKICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgfCBTUF9QUkVGX0lTU1VSRSAgICAgICAgICAgICAgPSAoMTZ8ODApCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgU1BfUFJFRl9OT1RBVElPTl9EQVRBICAgICAg ID0gKDIwfDg0KQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8IFNQX1BSRUZfSEFT SF9BTEdPICAgICAgICAgICA9ICgyMXw4NSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgfCBTUF9QUkVGX0NPTVBfQUxHTyAgICAgICAgICAgPSAoMjJ8ODYpCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIHwgU1BfUFJFRl9LRVlfU0VSVkVSICAgICAgICAgID0gKDI0fDg4 KQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8IFNQX1BSSU1BUllfVVNFUl9JRCAg ICAgICAgICA9ICgyNXw4OSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCBTUF9Q T0xJQ1lfVVJJICAgICAgICAgICAgICAgPSAoMjZ8OTApCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIHwgU1BfS0VZX0ZMQUdTICAgICAgICAgICAgICAgID0gKDI3fDkxKQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICB8IFNQX1NJR05FUlNfVVNFUl9JRCAgICAgICAgICA9 ICgyOHw5MikKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCBTUF9SRUFTT05fRk9S X1JFVk9DQVRJT04gICAgPSAoMjl8OTMpCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHwgU1BfRkVBVFVSRVMgICAgICAgICAgICAgICAgID0gKDMwfDk0KQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICB8IFNQX1NJR05BVFVSRV9UQVJHRVQgICAgICAgICA9ICgzMXw5NSkK ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCBTUF9FTUJFRERFRF9TSUdOQVRVUkUg ICAgICAgPSAoMzJ8OTYpCiAgICBzdWJwYWNrZXRfdHlwZV9zcGVjaWZpZWQgIDo6PSAgIHN1YnBh Y2tldF90eXBlX3BsYWNlaG9sZAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCBz dWJwYWNrZXRfdHlwZV9yZXNlcnZlZAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg fCBzdWJwYWNrZXRfdHlwZV9wcml2YXRlCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICB8IHN1YnBhY2tldF90eXBlX2RlZmluZWQKICAgIHN1YnBhY2tldF90eXBlX3VuZGVmaW5lZCAg Ojo9IHswLi4yNTV9LS1zdWJwYWNrZXRfdHlwZV9zcGVjaWZpZWQKCgoqU3VidHlwZSAyOiogU2ln bmF0dXJlIGNyZWF0aW9uIHRpbWUgKDUuMi4zLjQpOgoKICAgIHNwX3NpZ25hdHVyZV9jcmVhdGlv bl90aW1lX2JvZHkgOjo9IHNpZ25hdHVyZV9jcmVhdGlvbl90aW1lOnRpbWVzdGFtcAoKKlN1YnR5 cGUgMzoqIElzc3VlciAoNS4yLjMuNSk6CgogICAgc3Bfc2lnbmF0dXJlX2lzc3VlciA6Oj0gaXNz dWVyOmtleWlkCgoqU3VidHlwZSAzKjogU2lnbmF0dXJlIGV4cGlyYXRpb24gdGltZSAoNS4yLjMu MTApOgoKICAgIHNwX3NpZ25hdHVyZV9jcmVhdGlvbl90aW1lIDo6PSBzaWdfZXhwaXJhdGlvbl90 aW1lJzp0aW1lc3RhbXBfb3JfaW5mCgoqU3VidHlwZSA0KjogRXhwb3J0YWJsZSBjZXJ0aWZpY2F0 aW9uICg1LjIuMy4xMSk6CgogICAgc3BfZXhwb3J0YWJsZV9jZXJ0aWZpY2F0aW9uIDo6PSAweDB8 MHgxCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPj49IFxleHBvcnRhYmxlJz1Cb29s KHgwKQoKICAgIFxleHBvcnRhYmxlID0gSUYgL2V4cG9ydGFibGUnIFRIRU4gXGV4cG9ydGFibGUn IEVMU0UgVHJ1ZQoKKlN1YnR5cGUgNToqIFRydXN0IHNpZ25hdHVyZSAoNS4yLjMuMTMpOgoKICAg IHNwX3RydXN0X3NpZ25hdHVyZSA6Oj0gbGV2ZWw6Ynl0ZSBhbW91bnQ6Ynl0ZQoKICAgIGxldCBc dHJ1c3RfcGFydGlhbCA9IGxldmVsID49IDYwCiAgICBsZXQgXHRydXN0X2NvbXBsZXRlID0gbGV2 ZWwgPj0gMTIwCgoqU3VidHlwZSA2OiogUmVndWxhciBleHByZXNzaW9uICg1LjIuMy4xNCk6Cgog ICAgc3BfcmVndWxhcl9leHByZXNzaW9uIDo6PSByZWdleDpieXRlW3N1YnBhY2tldGxlbi0xXSAw eDAwCgoqU3VidHlwZSA3OiogUmV2b2NhYmxlICg1LjIuMy4xMik6CgogICAgc3BfcmV2b2NhYmxl IDo6PSAweDAwfDB4MDEKICAgIFxyZXZvY2FibGUgPSBJRiBccmV2b2NhYmxlJyBUSEVOIFxyZXZv Y2FibGUnIEVMU0UgVHJ1ZQoKKlN1YnR5cGUgOToqIEtleSBleHBpcmF0aW9uIHRpbWUgKDUuMi4z LjYpOgoKICAgIHNwX2tleV9leHBpcmF0aW9uX3RpbWUgOjo9IGtleV9leHBpcmF0aW9uX3RpbWUn OnRpbWVzdGFtcAogICAgIyBhZGRpdGlvbmFsIGNvbmRpdGlvbjogb25seSBvbiBzZWxmLXNpZ25h dHVyZQoKKlN1YnR5cGUgMTE6KiBQcmVmZXJyZWQgc3ltbWV0cmljIGFsZ29yaXRobXMgKDUuMi4z LjcpOgoKICAgIHNwX3ByZWZfc3ltbV9hbGdvIDo6PSBTZXF1ZW5jZVtzeW1tX2FsZ29dCgoqU3Vi dHlwZSAxMjoqIFJldm9jYXRpb24ga2V5ICg1LjIuMy4xNSk6CgogICAgc3BfcmV2b2NhdGlvbl9r ZXkgOjo9IDB4ODB8MHhjMCBhbGdvX3B1YmtleSByZXZvY2F0aW9uX2tleTpmaW5nZXJwcmludAog ICAgICAgICAgICAgICAgICAgICAgPj49IFxzZW5zaXRpdmUgPSB4MCA9PSAweGMwCgoqU3VidHlw ZSAyMDoqIE5vdGF0aW9uIGRhdGEgKDUuMi4zLjE2KToKCiAgICBzcF9ub3RhdGlvbl9mbGFncyA6 Oj0gMHg4MHwweDAwIDB4MDAgMHgwMCAweDAwCiAgICAgICAgICAgICAgICAgICAgICA+Pj0gXGh1 bWFuX3JlYWRhYmxlID0geDAgPT0gMHg4MAogICAgc3Bfbm90YXRpb25fbmFtZV9pYW5hIDo6PSAo dXRmOF90ZXh0LS0nQCcpKgogICAgZG5zX2RvbWFpbl9uYW1lIDo6PSAjIFRPRE8KICAgIHNwX25v dGF0aW9uX25hbWVfdXNlciA6Oj0gKHV0ZjhfdGV4dC0tJ0AnKSAnQCcgZG5zX2RvbWFpbl9uYW1l CiAgICBzcF9ub3RhdGlvbl9kYXRhIDo6PSBzcF9ub3RhdGlvbl9mbGFncwogICAgICAgICAgICAg ICAgICAgICAgICAgbmFtZWxlbjpsZW5fb2xkMgogICAgICAgICAgICAgICAgICAgICAgICAgdmFs dWVsZW46bGVuX29sZDIKICAgICAgICAgICAgICAgICAgICAgICAgICYoKG5hbWVsZW4rdmFsdWVs ZW4rOCkgPT0gc3VicGFja2V0bGVuKQogICAgICAgICAgICAgICAgICAgICAgICAgbmFtZTp1dGY4 X3RleHRbbmFtZWxlbl0KICAgICAgICAgICAgICAgICAgICAgICAgIHZhbHVlOmJ5dGVzW3ZhbHVl bGVuXQoKKlN1YnR5cGUgMjE6KiBQcmVmZXJyZWQgaGFzaCBhbGdvcml0aG1zICg1LjIuMy44KTsK CiAgICBzcF9wcmVmX2hhc2hfYWxnbyA6Oj0gU2VxdWVuY2VbaGFzaF9hbGdvXQoKKlN1YnR5cGUg MjI6KiBQcmVmZXJyZWQgY29tcHJlc3Npb24gYWxnb3JpdGhtcyAoNS4yLjMuOSk6CgogICAgc3Bf cHJlZl9jb21wX2FsZ28gOjo9IFNlcXVlbmNlW2NvbXBfYWxnb10KCipTdWJ0eXBlIDIzOiogS2V5 IHNlcnZlciBwcmVmZXJlbmNlcyAoNS4yLjMuMTcpOgoKICAgIHNwX2tleXNlcnZlcl9wcmVmcyA6 Oj0gMHg4MHwweDAwIDB4MDBbc3VicGFja2V0bGVuLTFdCiAgICAjc2VsZnNpZy1vbmx5CgoqU3Vi dHlwZSAyNDoqIFByZWZlcnJlZCBrZXkgc2VydmVyICg1LjIuMy4xOCk6CgogICAgc3BfcHJlZmVy cmVkX2tleXNlcnZlciA6Oj0gdXJpOmJ5dGVzW3N1YnBhY2tldGxlbl0KCipTdWJ0eXBlIDI1Oiog UHJpbWFyeSB1c2VyIGlkICg1LjIuMy4xOSk6CgogICAgc3BfcHJpbWFyeV91c2VyaWQgOjo9IDB4 MDB8MHgwMQogICAgICAgICAgICAgICAgICAgICAgPj49IFxpc19wcmltYXJ5JyA9ICh4MCA9PSAw eDAxKQogICAgXGlzX3ByaW1hcnkgPSBJRiAvaXNfcHJpbWFyeScgVEhFTiBcaXNfcHJpbWFyeSBF TFNFIEZhbHNlCgoqU3VidHlwZSAyNjoqIFBvbGljeSBVUkkgKDUuMi4zLjIwKToKCiAgICBzcF9w b2xpY3lfdXJpIDo6PSBwb2xpY3lfdXJpOmJ5dGVzW3N1YnBhY2tldGxlbl0KCipTdWJ0eXBlIDI3 OiogS2V5IGZsYWdzICg1LjIuMy4yMSk6CgogICAgXGtmX2RlZmluZWQgPSB7S0ZfQ0VSVElGWSAg ICAgICAgICAgICAgICA9IDB4MDEsCiAgICAgICAgICAgICAgICAgICBLRl9TSUdOICAgICAgICAg ICAgICAgICAgID0gMHgwMiwKICAgICAgICAgICAgICAgICAgIEtGX0VOQ1JZUFRfQ09NTVVOSUNB VElPTlMgPSAweDA0LAogICAgICAgICAgICAgICAgICAgS0ZfRU5DUllQVF9TVE9SQUdFICAgICAg ICA9IDB4MDgsCiAgICAgICAgICAgICAgICAgICBLRl9TUExJVF9CWV9TRUNSRVRfU0hBUkUgID0g MHgxMCwKICAgICAgICAgICAgICAgICAgIEtGX0FVVEhFTlRJQ0FUSU9OICAgICAgICAgPSAweDIw LAogICAgICAgICAgICAgICAgICAgS0ZfUFJJVkFURV9JU19NVUxUSUhPTERFUiA9IDB4ODB9CiAg ICBzcF9rZXlfZmxhZ3MgOjo9IChtYXAgYmluYXJ5X29yIChwb3NldCBrZl9kZWZpbmVkKSkgYnl0 ZXNbc3VicGFja2V0bGVuLTFdCgogICAgIyAweDEwLCAweDgwIHNlbGYtc2lnIG9ubHkgZm9yIDB4 MWYgMHgxOCBzaWcgdHlwZXMKCipTdWJ0eXBlIDI4OiogU2lnbmVyJ3MgdXNlciBpZCAoNS4yLjMu MjIpOgoKICAgIHNwX3NpZ25lcnNfdXNlcmlkIDo6PSB1c2VyaWQKCipTdWJ0eXBlIDI5OiogUmVh c29ucyBmb3IgcmV2b2NhdGlvbiAoNS4yLjMuMjMpOgoKQSBmZXcgbWFjaGluZS1yZWFkYWJsZSBy ZXZvY2F0aW9uLXJlYXNvbiBjb2RlcyBhcmUgZGVmaW5lZDoKCiAgICBycl9jb2RlX2JvdGggOjo9 ICAgUlJfTk9fUkVBU09OICAgICAgPSAgMAogICAgcnJfY29kZV9rZXkgIDo6PSAgIFJSX1NVUEVS U0VERUQgICAgID0gIDEKICAgICAgICAgICAgICAgICAgICAgfCBSUl9DT01QUk9NSVNFRCAgICA9 ICAyCiAgICAgICAgICAgICAgICAgICAgIHwgUlJfUkVUSVJFRCAgICAgICAgPSAgMwogICAgcnJf Y29kZV9jZXJ0IDo6PSAgIFJSX1VTRVJJRF9JTlZBTElEID0gMzIKICAgIHJyX2NvZGVfcHJpdiA6 Oj0gMTAwLi4xMTAKICAgIHJyX2NvZGUgOjo9ICAgcnJfY29kZV9ib3RoCiAgICAgICAgICAgICAg ICB8ICYoaXNfb3ZlcmtleSBzaWd0eXBlKSBycl9jb2RlX2tleQogICAgICAgICAgICAgICAgfCAm KGlzX2NlcnRpZmljYXRpb24gc2lndHlwZSkgcnJfY29kZV9jZXJ0CiAgICAgICAgICAgICAgICB8 IHJyX2NvZGVfcHJpdgoKICAgIHNwX3JlYXNvbl9mb3JfcmV2b2NhdGlvbiA6Oj0gcnJfY29kZSB1 dGY4X3RleHRbc3VicGFja2V0bGVuLTFdCgoqU3VidHlwZSAzMDoqIEZlYXR1cmVzICg1LjIuMy4y NCk6CgogICAgZmVhdF9tZGMgICAgOjo9IDB4MDB8MHgwMQogICAgICAgICAgICAgICAgPj49IFx1 c2VfbWRjID0geDAgPT0gMHgwMQogICAgc3BfZmVhdHVyZXMgOjo9IGZlYXRfbWRjIGJ5dGVzW3N1 YnBhY2tldGxlbi0xXQoKKlN1YnR5cGUgMzE6KiBTaWduYXR1cmUgdGFyZ2V0ICg1LjIuMy4yNSk6 CgogICAgdGFyZ2V0X2hhc2hfYWxnbyA6Oj0gYWxnb19oYXNoCiAgICAgICAgICAgICAgICAgICAg ID4+PSBcPXRhcmdldGhhc2hsZW4gPSBoYXNobGVuCiAgICBzcF9zaWduYXR1cmVfdGFyZ2V0IDo6 PSBhbGdvX3B1YmtleQogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGFyZ2V0X2hhc2hfYWxn bwogICAgICAgICAgICAgICAgICAgICAgICAgICAgaGFzaDpieXRlc1t0YXJnZXRoYXNobGVuXQoK ICAgICMgcmV2b2NhdGlvbiwgdGhpcmQtcGFydHksIHRpbWVzdGFtcAoKKlN1YnR5cGUgMzI6KiBF bWJlZGRlZCBzaWduYXR1cmUgKDUuMi4zLjI2KToKCiAgICBzcF9lbWJlZGRlZF9zaWduYXR1cmUg Ojo9IHNpZ25hdHVyZV9wYWNrZXRfYm9keQoKCiMjIyBWZXJzaW9uIDMgc2lnbmF0dXJlcwoKVGhl IHZlcnNpb24gMyBzaWduYXR1cmUgcGFja2V0IGZvcm1hdCAoNS4yLjIpOgoKICAgIHNpZ19hc2Zz X3YzICAgICAgICA6Oj0gc2lnX2FzZl9yc2EgfCBzaWdfYXNmX2RzYQogICAgc2lnX2JvZHlfaGFz aGVkX3YzIDo6PSBzaWdfdHlwZV92MyBzaWdfY3JlYXRpb25fdGltZQogICAgc2lnX2JvZHlfdjMg ICAgICAgIDo6PSAweDAzCiAgICAgICAgICAgICAgICAgICAgICAgICAgIDB4MDUKICAgICAgICAg ICAgICAgICAgICAgICAgICAgc2lnX2JvZHlfaGFzaGVkX3YzCiAgICAgICAgICAgICAgICAgICAg ICAgICAgIHNpZ19zaWduZXJfa2V5aWQ6a2V5aWQKICAgICAgICAgICAgICAgICAgICAgICAgICAg cHVia2V5X2FsZ28KICAgICAgICAgICAgICAgICAgICAgICAgICAgaGFzaF9hbGdvCiAgICAgICAg ICAgICAgICAgICAgICAgICAgIHNpZ19sZWZ0MgogICAgICAgICAgICAgICAgICAgICAgICAgICBz aWdfYXNmc192MwoKIyMjIFZlcnNpb24gNCBzaWduYXR1cmVzCgpUaGUgdmVyc2lvbiA0IHNpZ25h dHVyZSBwYWNrZXQgZm9ybWF0ICg1LjIuMyk6CgogICAgc2lnX2FzZnNfdjQgICAgICAgIDo6PSBz aWdfYXNmX3JzYSB8IHNpZ19hc2ZfZHNhIHwgc2lnX2FzZl9lY2RzYQogICAgc2lnX2JvZHlfdjQg ICAgICAgIDo6PSAweDA0CiAgICAgICAgICAgICAgICAgICAgICAgICAgIHNpZ190eXBlX3Y0CiAg ICAgICAgICAgICAgICAgICAgICAgICAgIHB1YmtleV9hbGdvCiAgICAgICAgICAgICAgICAgICAg ICAgICAgIGhhc2hfYWxnbwogICAgICAgICAgICAgICAgICAgICAgICAgICBoYXNoZWRfc3VicGFj a2V0cwogICAgICAgICAgICAgICAgICAgICAgICAgICB1bmhhc2hlZF9zdWJwYWNrZXRzCiAgICAg ICAgICAgICAgICAgICAgICAgICAgIHNpZ19sZWZ0MgogICAgICAgICAgICAgICAgICAgICAgICAg ICBzaWdfYXNmc192NAoKIyMjIFNpZ25hdHVyZSBib2R5CgogICAgc2lnX2JvZHkgICAgICAgICAg IDo6PSBzaWdfYm9keV92MyB8fCBzaWdfYm9keV92NAoKCiMjIFRhZyAzOiBTeW1tZXRyaWNhbGx5 IGVuY3J5cHRlZCBzZXNzaW9uIGtleQoKUkZDIDQ4ODAgcy4gNS4zOgoKICAgIHNrZXNrX2VzayAg IDo6PSBieXRlc1tsZW5ndGggLSAzXQogICAgc2tlc2tfYm9keSAgOjo9IDB4MDQgc3ltbV9hbGdv IHMya19zcGVjIHNrZXNrX2VzawoKUVFRUTogUkZDIDYzMzcgbGltaXRhdGlvbnM/CgoKIyMgVGFn IDQ6IE9uZS1wYXNzIHNpZ25hdHVyZSAodGFnIDQpCgpBIHVzZWZ1bCBuZXcgcGFja2V0IHR5cGUg aW50cm9kdWNlZCBpbiB2ZXJzaW9uIDQuCgogICAgb25lcGFzc19zaWdfbmVzdGVkIDo6PSAweDAw fDB4MDEKICAgICAgICAgICAgICAgICAgICAgICA+Pj0gXHggPSBCb29sKHgpCiAgICBvbmVwYXNz X3NpZ19ib2R5IDo6PSAweDAzCiAgICAgICAgICAgICAgICAgICAgICAgICBzaWdfdHlwZV92NAog ICAgICAgICAgICAgICAgICAgICAgICAgaGFzaF9hbGdvCiAgICAgICAgICAgICAgICAgICAgICAg ICBwdWJrZXlfYWxnbwogICAgICAgICAgICAgICAgICAgICAgICAgb25lcGFzc19zaWdfc2lnbmVy X2tleWlkOmtleWlkCiAgICAgICAgICAgICAgICAgICAgICAgICBvbmVwYXNzX3NpZ19uZXN0ZWQK CgojIyBUYWdzIDUsNiw3LDE0OiBBc3ltbWV0cmljIGtleXMKCiMjIyBQYWNrZXQgdGFncwoKKlRh ZyA2LiBQdWJsaWMta2V5OioKCiAgICBwdWJsaWNrZXlfYm9keSAgICA6Oj0gcHVia2V5CgoqVGFn IDE0LiBQdWJsaWMtc3Via2V5OioKCiAgICBwdWJsaWNzdWJrZXlfYm9keSA6Oj0gcHVia2V5Cgoq VGFnIDUuIFNlY3JldC1rZXk6KgoKICAgIHNlY3JldGtleV9ib2R5ICAgIDo6PSBwdWJrZXkgc2Vj cmV0a2V5CgoqVGFnIDcuIFNlY3JldC1zdWJrZXk6KgoKICAgIHNlY3JldHN1YmtleV9ib2R5IDo6 PSBwdWJrZXkgc2VjcmV0a2V5CgoKIyMjIERlZmluaXRpb25zIGNvbW1vbiB0byBwdWJsaWMgYW5k IHNlY3JldCBrZXlzCgojIyMjIEFsZ29yaXRobS1zcGVjaWZpYyBmaWVsZHMKCiMjIyMjIFByaW1l LWJhc2VkIGNyeXB0bwoKICAgIHJzYV9uLCByc2FfZSAgICAgICAgICA9IG1waSwgbXBpCiAgICBw dWJrZXlfYXNmX3JzYV92MyAgIDo6PSByc2FfbiByc2FfZQogICAgcHVia2V5X2FzZl9yc2EgICAg ICA6Oj0gJihpc19yc2EgcHVia2V5X2FsZ28pCgogICAgZHNhX3AsIGRzYV9xLCBkc2FfeSAgID0g bXBpLCBtcGksIG1waQogICAgcHVia2V5X2FzZl9kc2EgICAgICA6Oj0gJnB1YmtleV9hbGdvPT1E U0EgZHNhX3A6bXBpIGRzYV9xOm1waSBkc2FfeTptcGkKCiAgICBwdWJrZXlfYXNmX2VsZyAgICAg IDo6PSAmcHVia2V5X2FsZ289PUVMR19FIGVsZ19wOm1waSBlbGdfcTptcGkKCiAgICAjIFRPRE9Y OTQyCgoKIyMjIyMgRWxsaXB0aWMtY3VydmUgY3J5cHRvCgpSRkMgNjYzNyBzLiA5OgoKICAgIHB1 YmtleV9hc2ZfZWNkc2EgICAgOjo9ICZwdWJrZXlfYWxnbz09RUNEU0EKICAgICAgICAgICAgICAg ICAgICAgICAgICAgIGN1cnZlb2lkCiAgICAgICAgICAgICAgICAgICAgICAgICAgICBlY19wdWJw b2ludDptcGkKICAgIHB1YmtleV9hc2ZfZWNkaCAgICAgOjo9ICZwdWJrZXlfYWxnbz09RUNESAog ICAgICAgICAgICAgICAgICAgICAgICAgICAgY3VydmVvaWQKICAgICAgICAgICAgICAgICAgICAg ICAgICAgIGVjX3B1YnBvaW50Om1waQogICAgICAgICAgICAgICAgICAgICAgICAgICAgMHgwMyAw eDAxCiAgICAgICAgICAgICAgICAgICAgICAgICAgICBlY2RoX2tkZl9wYXJhbXMKICAgIHB1Ymtl eV9hc2ZfZWMgICAgICAgOjo9IHB1YmtleV9hc2ZfZWNkc2EgfCBwdWJrZXlfYXNmX2VjZGgKCiMj IyMgcHVia2V5X2FzZnMKCiAgICBwdWJrZXlfYXNmcyAgICAgICAgIDo6PSAoICBwdWJrZXlfYXNm X2VsZwogICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgcHVia2V5X2FzZl9kc2EKICAgICAg ICAgICAgICAgICAgICAgICAgICAgICB8IHB1YmtleV9hc2ZfcnNhCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgfCBwdWJrZXlfYXNmX2VjICApCgojIyMgUHVibGljIGtleSB2ZXJzaW9uIDMK ClJGQyA0ODgwIHMuIDUuNS4yOgoKVGhlIGtleSdzIGV4cGlyYXRpb24gaXMgZW1iZWRkZWQgaW4g dGhlIGtleSBwYWNrZXQgZm9yIFYzIGtleXM6CgogICAgbGV0IFxjcmVhdGlvbl9wbHVzX2RheXMg PSBJRiB4MCE9MCB8IHgxIT0wCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFRIRU4gKE5h dCh4MCk8PDggKyBOYXQoeDEpKSooMjQqMzYwMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgRUxTRSBJbmYKICAgIHB1YmtleV9leHBpcmF0aW9uX2RheXMgOjo9IGJ5dGVzIGJ5dGVzCiAg ICAgICAgICAgICAgICAgICAgICAgICAgID4+PSBccHVia2V5X2V4cGlyYXRpb25fdGltZSA9CiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAoY3JlYXRpb25fcGx1c19kYXlzIHgwIHgx KQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKyBwdWJrZXlfY3JlYXRpb25fdGlt ZQoKVGhlIGtleSBmb3JtYXQ6CgogICAgcHVia2V5X3YzICAgICAgICAgICAgICA6Oj0gMHgwMwog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcHVia2V5X2NyZWF0aW9uX3RpbWU6dGltZXN0 YW1wCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwdWJrZXlfZXhwaXJhdGlvbl9kYXlz CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwdWJrZXlfYXNmX3JzYQoKIyMjIFB1Ymxp YyBrZXkgdmVyc2lvbiA0CgpSRkMgNDg4MCBzLiA1LjUuMjoKClY0IGtleXMgYXJlIHNvbWV3aGF0 IHNpbXBsZXI6CgogICAgcHVia2V5X3Y0ICAgICAgICAgICAgICA6Oj0gMHgwNAogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgcHVia2V5X2NyZWF0aW9uX3RpbWU6dGltZXN0YW1wCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICBwdWJrZXlfYWxnbwogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgcHVia2V5X2FzZnMKCiMjIyBTZWNyZXQga2V5cwoKUkZDIDQ4ODAgcy4gNS41 LjMuCgojIyMjIFNlY3JldCBrZXkgUzJLCgojIyMjIyBTZWNyZXQga2V5IGNoZWNrc3VtIGNvbnZl bnRpb25zCgogICAgczJrX2NoZWNrc3VtICAgOjo9ICZjb252ZW50aW9uPSJja3N1bSIgY2tzdW09 dHdvX29jdGV0CiAgICBzMmtfaGFzaCAgICAgICA6Oj0gJmNvbnZlbnRpb249Im1kYyIgc2hhMV9o YXNoCiAgICBzMmtfc3VtICAgICAgICA6Oj0gczJrX2NoZWNrc3VtIHwgczJrX2hhc2ggfCBcZXBz aWxvbgoKIyMjIyMgU2VjcmV0IGtleSBTMksgY29udmVudGlvbnMKCiAgICBzZWNrZXlfZW5jX2l2 ICA6Oj0gYnl0ZXNbYmxvY2tzaXplKHN5bW1fYWxnbyldCiAgICBzMmtfY29udmVudGlvbl91bmVu Y3J5cHRlZCA6Oj0gUzJLX1VORU5DUllQVEVEPTAKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgID4+PSBcc3VtdHlwZSA9ID8/CiAgICBzMmtfY29udmVudGlvbl9lbmNyeXB0ZWQgICA6Oj0g KDI1NCB8IDI1NSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzeW1tX2FsZ28K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzMmtfc3BlYwogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIHNlY2tleV9lbmNfaXY/CiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA+Pj0gXHN1bXR5cGUgPSBJRiAyNTQgVEhFTiAibWRjIiBFTFNFICJja3N1bSIs CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXGVuYyA9IHRydWUKICAgIHMya19j b252ZW50aW9uX290aGVyZW5jICAgIDo6PSBzeW1tX2FsZ28gc2Vja2V5X2VuY19pdj8KICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgID4+PSBcc3VtdHlwZSA9ICJja3N1bSIsCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgXGVuYyA9IHRydWUsCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgXGhhc2hfYWxnbyA9IE1ENSwKICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBcczJrX3R5cGUgPSBTMktfU0lNUExFCgojIyMjIyBzMmtfY29udmVudGlv bgoKICAgIHMya19jb252ZW50aW9uIDo6PSAoICAgUzJLX1VORU5DUllQVEVECiAgICAgICAgICAg ICAgICAgICAgICAgIHwgczJrX2NvbnZlbnRpb25fZW5jcnlwdGVkCiAgICAgICAgICAgICAgICAg ICAgICAgIHwgczJrX2NvbnZlbnRpb25fb3RoZXJlbmMgKQogICAgICAgICAgICAgICAgICAgICAg IHMya19zdW0KCiMjIyMjIFJGQyA2NjM3IFMySyBjb252ZW50aW9uIGxpbWl0YXRpb25zCgpSRkMg NjYzNyBzLiAxMywgc2VlbXMgdG8gYmUgb24gdGhlIHZlcmdlIG9mIHJlcXVpcmluZyBNRENzIGZv ciBFQyBwcml2YXRlCmtleXMuIFFRUVE6IFNvbWUgaW1wbHMgZG87IGlzIHRoaXMgbWFuZGF0b3J5 PyBRUVFROiBEb2VzIHRoZQpoYXNoLWFsZ29yaXRobSBsaW1pdGF0aW9uIGFwcGx5IGZvciB0aGUg UkZDcz8KCgojIyMjIFNlY3JldCBrZXkgYWxnb3JpdGhtLXNwZWNpZmljIGZpZWxkcwoKICAgICMg UlNBX0VTLCBSU0FfRSwgUlNBX1MKICAgIHNlY2tleV9hc2ZfcnNhIDo6PSAmKGlzX3JzYSBwdWJr ZXlfYWxnbykKICAgICAgICAgICAgICAgICAgICAgICByc2FfZDptcGkKICAgICAgICAgICAgICAg ICAgICAgICByc2FfcDptcGkKICAgICAgICAgICAgICAgICAgICAgICByc2FfcTptcGkKICAgICAg ICAgICAgICAgICAgICAgICByc2FfdTptcGkKICAgICMgRFNBCiAgICBzZWNrZXlfYXNmX2RzYSA6 Oj0gJnB1YmtleV9hbGdvPT1EU0EKICAgICAgICAgICAgICAgICAgICAgICBkc2FfeDptcGkKICAg ICMgRUxHX0UKICAgIHNlY2tleV9hc2ZfZWxnIDo6PSAmcHVia2V5X2FsZ289PUVMR19FCiAgICAg ICAgICAgICAgICAgICAgICAgZWxnX3g6bXBpCiAgICAjIEVDREgvRUNEU0EgKFJGQyA2NjM3IHMu IDkpCiAgICBzZWNrZXlfYXNmX2VjICA6Oj0gJihpc19lYyBwdWJrZXlfYWxnbykKICAgICAgICAg ICAgICAgICAgICAgICBlY19wcml2YXRfc2NhbGFyOm1waQoKIyMjIyBTZWNyZXQga2V5cwoKVE9E TzogcGFyYW1ldGVyaXplIGxlbmd0aCBvZiBlbmNrZXkgYnkgZW5jbG9zdXIgYW5kIG92ZXJoZWFk CgogICAgc2Vja2V5X2VuY2tleSAgOjo9ICZlbmMgYnl0ZXMqCiAgICBzZWNrZXlfYXNmcyAgICA6 Oj0gc2Vja2V5X2FzZl9yc2EgfCBzZWNrZXlfYXNmX2RzYSB8IHNlY2tleV9hc2ZfZWxnCiAgICBz ZWNrZXlfdW5lbmNyeXB0ZWQgOjo9IHNlY2tleV9hc2ZzIChzMmtfY2tzdW0gfCBzMmtfaGFzaCkK ICAgIHNlY2tleSAgICAgICAgIDo6PSBzMmtfY29udmVudGlvbiAgKHNlY2tleV9lbmNrZXkgfCBz ZWNrZXlfdW5lbmNyeXB0ZWQpCgoKIyBUYWcgODogQ29tcHJlc3NlZCBkYXRhCgogICAgIyBSRkMg NDg4MCBzLiA1LjYKICAgIGNvbXByZXNzZWRfZGF0YSA6Oj0gYnl0ZXNbbGVuZ3RoLTFdCiAgICBj b21wcmVzc2VkX2JvZHkgOjo9IGNvbXBfYWxnbyBjb21wcmVzc2VkX2RhdGEKCgojIFRhZyA5OiBT eW1tZXRyaWNhbGx5IGVuY3J5cHRlZCBkYXRhIHBhY2tldAoKICAgICAjIFJGQyA0ODgwIHMuIDUu NwogICAgIHNlZHBfYm9keSAgICAgICA6Oj0gYnl0ZXNbbGVuZ3RoXQoKCiMgVGFnIDEwOiBNYXJr ZXIKCiAgICAgIyBSRkMgNDg4MCBzLiA1LjgKICAgICBtYXJrZXJfYm9keSAgICAgOjo9ICJQR1Ai CgoKIyBUYWcgMTE6IExpdGVyYWwKCiAgICAjIFJGQyA0ODgwIHMuIDUuOQogICAgTElURVJBTF9M T0NBTCA9ICdsJyB8ICcxJwogICAgIyBUaGUgY29tcGF0aWJpbGl0eSBwcmVkaWNhdGUgZm9yICds b2NhbCcgZm9ybWF0CiAgICBsZXQgXGlzbG9jYWwgeCA9IHggXGluIHsnbCcsICcxJ30KICAgIGxp dGVyYWxfZm9ybWF0ICAgICAgOjo9ICggIExJVEVSQUxfQklOQVJZPSdiJwogICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHwgTElURVJBTF9URVhUPSd0JwogICAgICAgICAgICAgICAgICAgICAg ICAgICAgIHwgTElURVJBTF9VVEY4PSd1JwogICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwg bGl0ZXJhbF9sb2NhbCApCiAgICBsaXRlcmFsX2ZpbGVuYW1lbGVuIDo6PSBsZW5fb2xkMQogICAg bGl0ZXJhbF9maWxlbmFtZSAgICA6Oj0gYnl0ZXNbbGl0ZXJhbF9maWxlbmFtZWxlbl0KICAgICAg ICAgICAgICAgICAgICAgICAgPj49IFxsaXRlcmFsX2RhdGFsZW4gPSBsZW5ndGgtbGl0ZXJhbF9m aWxlbmFtZWxlbi02CiAgICBsaXRlcmFsX2RhdGUgICAgICAgIDo6PSB0aW1lc3RhbXAKICAgIGxp dGVyYWxfZGF0YSAgICAgICAgOjo9ICggICZsaXRlcmFsX2Zvcm1hdD0nYicgICAgICAgYnl0ZXNb bGl0ZXJhbF9kYXRhbGVuXQogICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgJmxpdGVyYWxf Zm9ybWF0PSd0JyAgICAgICBsYXRpbjFfdGV4dFtsaXRlcmFsX2RhdGFsZW5dCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgfCAmbGl0ZXJhbF9mb3JtYXQ9J3UnICAgICAgIHV0ZjhfdGV4dFts aXRlcmFsX2RhdGFsZW5dCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAmKGlzbG9jYWwg bGl0ZXJhbF9mb3JtYXQpIGxvY2FsX3RleHRbbGl0ZXJhbF9kYXRhbGVuXSkKICAgIGxpdGVyYWxf Ym9keSAgICAgICAgOjo9IGxpdGVyYWxfZm9ybWF0IGxpdGVyYWxfZmlsZW5hbWVsZW4gbGl0ZXJh bF9maWxlbmFtZQogICAgICAgICAgICAgICAgICAgICAgICAgICAgbGl0ZXJhbF9kYXRlIGxpdGVy YWxfZGF0YQoKCiMgVGFnIDEyOiBUcnVzdAoKICAgICMgUkZDIDQ4ODAgcy4gNS4xMAogICAgdHJ1 c3RfYm9keSAgICAgICAgICA6Oj0gYnl0ZXNbbGVuZ3RoXQoKCiMgVGFnIDEzOiBVc2VyIElEICh0 YWcgMTMpCgogICAgIyBSRkMgNDg4MCBzLiA1LjExCiAgICB1c2VyaWRfYm9keSAgICAgICAgIDo6 PSB1dGY4X3RleHRbbGVuZ3RoXQoKCiMgVGFnIDE3OiBVc2VyIGF0dHJpYnV0ZQoKICAgICMgUkZD IDQ4ODAgcy4gNS4xMgogICAgVVNFUkFUVFJJQl9TVUJQQUNLRVRfSU1BR0UgPSAxCiAgICBVU0VS QVRUUklCX1NVQlBBQ0tFVF9FWFBFUklNRU5UQUwgPSAxMDAuLjExMAogICAgVVNFUkFUVFJJQl9T VUJQQUNLRVRfSUdOT1JFRCA9IDAgfCAxLi45OSB8IDExMS4uMjU1CgpGb3IgaW1hZ2UgdXNlciBh dHRyaWJ1dGVzLCB0aGUgaW1hZ2UgaGVhZGVyIGxlbmd0aCBpcyBlbmNvZGVkIGFzIGEKbGl0dGxl LWVuZGlhbiB1bGludDE2OgoKICAgIGltYWdlX2hlYWRlcl9sZW4gICAgICAgICAgIDo6PSBieXRl IGJ5dGUKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID4+PSBceCA9IHgwICsgeDE8PDgK ClRoZSBvbmx5IGZvcm1hdCBzdXBwb3J0ZWQgYnkgdGhlIHN0YW5kYXJkIGlzIEpGSUY6CgogICAg SU1BR0VfRk9STUFUX0pQRUcgICAgICAgICAgICA9IDEKICAgIGltYWdlX2Zvcm1hdCAgICAgICAg ICAgICAgIDo6PSBJTUFHRV9GT1JNQVRfSlBFRyB8IDEwMC4uMTEwCiAgICBpbWFnZV9oZWFkZXIg ICAgICAgICAgICAgICA6Oj0gMHgxMCAweDAwIDB4MDEgaW1hZ2VfZm9ybWF0CiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgMHgwMCAweDAwIDB4MDAgMHgwMAogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIDB4MDAgMHgwMCAweDAwIDB4MDAKICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAweDAwIDB4MDAgMHgwMCAweDAwCiAgICB1c2VyYXR0cmliX3N1 YnBhY2tldF9pbWFnZSA6Oj0gaW1hZ2VfaGVhZGVyIGJ5dGVzW3N1YnBhY2tldGxlbi0yMF0KICAg IHVzZXJhdHRyaWJfc3VicGFja2V0X3R5cGUgIDo6PSAoICB1c2VyYXR0cmliX3N1YnBhY2tldF9p bWFnZQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8IFVTRVJBVFRSSUJfU1VC UEFDS0VUX0VYUEVSSU1FTlRBTAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8 IFVTRVJBVFRSSUJfU1VCUEFDS0VUX0lHTk9SRUQpCiAgICB1c2VyYXR0cmliX3N1YnBhY2tldCAg ICAgICA6Oj0gbmV3bGVuIHVzZXJhdHRyaWJfc3VicGFja2V0X3R5cGUgYnl0ZXNbbmV3bGVuXQog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPj49IFxkYXRhID0geDIsCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgXHR5cGUgPSB4MSwKICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBcc3VicGFja2V0bGVuID0geDAKICAgIHVzZXJhdHRyaWJfYm9keSAgICAg ICAgICAgIDo6PSB1c2VyYXR0cmliX3N1YnBhY2tldCogbmlsCgoKIyBUYWcgMTg6IFN5bW1ldHJp Y2FsbHkgZW5jcnlwdGVkIGludGVncml0eSBwcm90ZWN0ZWQgZGF0YQoKICAgICMgUkZDIDQ4ODAg cy4gNS4xMwogICAgc2VpcGRfZW5jZGF0YSA6Oj0gYnl0ZXNbbGVuZ3RoLTFdCiAgICBzZWlwZF9i b2R5ICAgIDo6PSAxIHNlaXBkX2VuY2RhdGEKCgojIFRhZyAxOTogTW9kaWZpY2F0aW9uIGRldGVj dGlvbiBjb2RlCgogICAgIyBSRkMgNDg4MCBzLiA1LjE0CiAgICBtZGMgICAgICAgICAgIDo6PSBz aGExX2hhc2gKICAgIG1kY19ib2R5ICAgICAgOjo9IG1kYwoKCiMgQVNDSUkgYXJtb3IgYW5kIGNs ZWFydGV4dCBzaWduYXR1cmVzCgojIyBBU0NJSSBBcm1vcgoKUkZDIDQ4ODAgcy4gNi4KCiAgICBh c2NpaV9hcm1vciAgIDo6PSBhcm1vcl9oZWFkZXJfbGluZQogICAgICAgICAgICAgICAgICAgICAg YXJtb3JfaGVhZGVyKgogICAgICAgICAgICAgICAgICAgICAgYmxhbmtfbGluZQogICAgICAgICAg ICAgICAgICAgICAgYXJtb3JlZF9kYXRhCiAgICAgICAgICAgICAgICAgICAgICBhcm1vcl9jaGVj a3N1bQogICAgICAgICAgICAgICAgICAgICAgYXJtb3JfdGFpbF9saW5lCgojIyBUeXBlcyBvZiBB U0NJSSBhcm1vcgoKICAgIGFzY2lpX21lc3NhZ2UgOjo9ICggICJQR1AgTUVTU0FHRSIKICAgICAg ICAgICAgICAgICAgICAgICB8ICJQR1AgUFVCTElDIEtFWSBCTE9DSyIKICAgICAgICAgICAgICAg ICAgICAgICB8ICJQR1AgUFJJVkFURSBLRVkgQkxPQ0siCiAgICAgICAgICAgICAgICAgICAgICAg fCAiUEdQIE1FU1NBR0UsIFBBUlQgWC9ZIgogICAgICAgICAgICAgICAgICAgICAgIHwgIlBHUCBT SUdOQVRVUkUiKQoKVE9ETyAoYWRkaXRpb25hbCBzZW1hbnRpYyBjb25zdHJhaW50cykgfCAiUEdQ IE1FU1NBR0UsIFBBUlQgWCIKCgojIyBBU0NJSSBBcm1vciBjb21tb24gZGVmaW5pdGlvbnMKCiAg ICBibGFua19saW5lICAgICAgICA6Oj0gd2hpdGVzcGFjZSogIlxuIgogICAgYmFzZTY0X2xpbmUg ICAgICAgOjo9IGJhc2U2NFs3Nl0gIlxuIgogICAgbGFzdF9iYXNlNjQgICAgICAgOjo9IGJhc2U2 NFtsZW5dICI9IltwYWRsZW5dCiAgICAgICAgICAgICAgICAgICAgICAgICAgJigocGFkbGVuPD0z KSAmJiAoKGxlbitwYWRsZW4pPD03NikpCiAgICBhcm1vcmVkX2RhdGEgICAgICA6Oj0gYmFzZTY0 X2xpbmUqIGxhc3RfYmFzZTY0ICJcbiIKICAgIGFybW9yX2NoZWNrc3VtICAgIDo6PSAiPSIgYmFz ZTY0WzRdICJcbiIKCiMjIEhlYWRlciBhbmQgdGFpbCBsaW5lcwoKICAgIGFybW9yX2hlYWRlcl9s aW5lIDo6PSAiLS0tLS1CRUdJTiAiIGFzY2lpX21lc3NhZ2UgIi0tLS0tIiBDUkxGCiAgICAgICAg ICAgICAgICAgICAgICA+Pj0gXG1lc3NhZ2UgPSBhc2NpaV9tZXNzYWdlLAogICAgICAgICAgICAg ICAgICAgICAgICAgIFxhcm1vcl9rZXlzID0gbmlsLAogICAgICAgICAgICAgICAgICAgICAgICAg IFxhcm1vcl92YWx1ZXMgPSBuaWwKICAgIGFybW9yX3RhaWxfbGluZSAgIDo6PSAiLS0tLS1FTkQg IiBcbWVzc2FnZSAiLS0tLS1cbiIKICAgIGFybW9yX2tleV9vdGhlciAgIDo6PSBsYXRpbjFfdGV4 dCAtIHsnOid9CiAgICBhcm1vcl9rZXkgICAgICAgICA6Oj0gICAiVmVyc2lvbiIKICAgICAgICAg ICAgICAgICAgICAgICAgICB8ICJDb21tZW50IgogICAgICAgICAgICAgICAgICAgICAgICAgIHwg Ik1lc3NhZ2VJRCIKICAgICAgICAgICAgICAgICAgICAgICAgICB8ICJIYXNoIgogICAgICAgICAg ICAgICAgICAgICAgICAgIHwgIkNoYXJzZXQiCiAgICAgICAgICAgICAgICAgICAgICAgICAgfCBh cm1vcl9rZXlfb3RoZXIKICAgIGFybW9yX2hlYWRlciAgICAgIDo6PSBhcm1vcl9rZXkgIjogIiBh cm1vcl92YWx1ZQogICAgICAgICAgICAgICAgICAgICAgPj49IFxhcm1vcl9rZXlzICAgPSBcYXJt b3Jfa2V5cyArKyBbYXJtb3Jfa2V5XSwKICAgICAgICAgICAgICAgICAgICAgICAgICBcYXJtb3Jf dmFsdWVzID0gXGFybW9yX3ZhbHVlcyArKyBbYXJtb3JfdmFsdWVdCgoKIyMgQ2xlYXJ0ZXh0IHNp Z25hdHVyZXMKClJGQyA0ODgwIHMuIDcgZGVmaW5lcyBhIHByb2NlZHVyZSBmb3IgZm9ybWluZyBj bGVhcnRleHQgc2lnbmF0dXJlcy4KCkl0IHJlcXVpcmVzICJkYXNoLWVuY29kaW5nIiBvZiB0aGUg c2lnbmVkIG1lc3NhZ2UsIHRvIGF2b2lkIHBhcnNpbmcKYW1iaWd1aXR5LgoKICAgIGxldCBcZGFz aF9lc2NhcGUnIGxpbmUgICA9IElGIChoZWFkIGxpbmUpID09ICItIgogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgVEhFTiAiLSAiICsrICh0YWlsIGxpbmUpCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBFTFNFIGxpbmUKICAgIGxldCBcZGFzaF9lc2NhcGUgbGluZXMgICA9ICht YXAgXGRhc2hfZXNjYXBlKSBsaW5lcwogICAgbGV0IFxkYXNoX3VuZXNjYXBlJyBsaW5lID0gSUYg KHNlbGVjdCBsaW5lIDAgMykgPT0gIi0gLSIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IFRIRU4gIi0iICsrICh0YWlsIHRhaWwgdGFpbCBsaW5lKQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgRUxTRSBsaW5lCiAgICBsZXQgXGRhc2hfdW5lc2NhcGUgbGluZXMgPSAobWFwIFxk YXNoX3VuZXNjYXBlKSBsaW5lcwogICAgZGFzaF9lc2NhcGVkX3RleHQgICAgOjo9IChkYXNoX2Vz Y2FwZSB1dGY4X2NybGZfdGV4dCopICAgICAgICBDUkxGPwogICAgICAgICAgICAgICAgICAgICAg ICAgPj49IFw9eCA9IChkYXNoX3VuZXNjYXBlIHgwKQoKVGhlIGNsZWFydGV4dCBzaWduYXR1cmUg Zm9ybWF0IGlzIHRoZW4gZ2l2ZW4gYnk6CgogICAgY2xlYXJ0ZXh0X2hlYWRlciAgICAgOjo9ICIt LS0tLUJFR0lOIFBHUCBTSUdORUQgTUVTU0FHRS0tLS0tIiBDUkxGCiAgICBjbGVhcnRleHRfc2ln ICAgICAgICA6Oj0gYXNjaWlfYXJtb3IgJm1lc3NhZ2U9PSJQR1AgU0lHTkFUVVJFIgoKICAgIGNs ZWFydGV4dF9zaWduYXR1cmUgIDo6PSBjbGVhcnRleHRfaGVhZGVyCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgZGFzaF9lc2NhcGVkX3RleHQKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICBjbGVhcnRleHRfc2lnCg== --047d7b3a93e0ed94e804fdb4ede3-- From nobody Tue Jul 8 14:34:59 2014 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 346141A013B for ; Tue, 8 Jul 2014 14:34:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xnpGbCbZfkTz for ; Tue, 8 Jul 2014 14:34:55 -0700 (PDT) Received: from thumb.scru.org (thumb.scru.org [IPv6:2600:3c00::f03c:91ff:fe96:c8b9]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B8E41A0123 for ; Tue, 8 Jul 2014 14:34:55 -0700 (PDT) Received: by thumb.scru.org (Postfix, from userid 1000) id 17FBD62593; Tue, 8 Jul 2014 21:34:54 +0000 (UTC) Date: Tue, 8 Jul 2014 21:34:54 +0000 From: Clint Adams To: David Leon Gil Message-ID: <20140708213454.GA3240@scru.org> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/Ynrq4O49dcX1Q7aQv-_fzzDN-7s Cc: openpgp@ietf.org Subject: Re: [openpgp] OpenPGP semantics; questions re DH, SHA-1 with EC privkeys X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 21:34:57 -0000 On Tue, Jul 08, 2014 at 05:03:34PM -0400, David Leon Gil wrote: > So I dashed up a quick draft, vaguely in the XPEG > (parsing-expression-grammar with semantic-reductions) style,[^xpeg] of > a syntax with non-cryptographic semantic constraints for RFCs 4880 > (v4), 5581 (Camellia), and 6637 (EC). It would be interesting if this could be used to automatically validate the types[0] used by hOpenPGP. Thoughts on that? [0] http://anonscm.debian.org/gitweb/?p=users/clint/hOpenPGP.git;a=blob;f=Codec/Encryption/OpenPGP/Types.hs From nobody Tue Jul 8 15:33:39 2014 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 384E21A0167 for ; Tue, 8 Jul 2014 15:33:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id puR7ojhfwdAk for ; Tue, 8 Jul 2014 15:33:16 -0700 (PDT) Received: from mail.merrymeet.com (merrymeet.com [173.164.244.100]) by ietfa.amsl.com (Postfix) with ESMTP id 6E6C21A0166 for ; Tue, 8 Jul 2014 15:33:15 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mail.merrymeet.com (Postfix) with ESMTP id 2CCFF571B150; Tue, 8 Jul 2014 15:33:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at merrymeet.com Received: from mail.merrymeet.com ([127.0.0.1]) by localhost (merrymeet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hgQqL50S7T4J; Tue, 8 Jul 2014 15:33:14 -0700 (PDT) Received: from keys.merrymeet.com (keys.merrymeet.com [173.164.244.97]) by mail.merrymeet.com (Postfix) with ESMTPSA id 7E93B571B145; Tue, 8 Jul 2014 15:33:13 -0700 (PDT) Received: from [10.0.23.30] ([173.164.244.98]) by keys.merrymeet.com (PGP Universal service); Tue, 08 Jul 2014 15:33:14 -0700 X-PGP-Universal: processed; by keys.merrymeet.com on Tue, 08 Jul 2014 15:33:14 -0700 Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\)) From: Jon Callas In-Reply-To: Date: Tue, 8 Jul 2014 15:33:08 -0700 Message-Id: References: To: David Leon Gil X-Mailer: Apple Mail (2.1878.2) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/Az6hD3iZ8yxATd2Iy4jSILVunzQ Cc: openpgp@ietf.org, Jon Callas Subject: Re: [openpgp] OpenPGP semantics; questions re DH, SHA-1 with EC privkeys X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 22:33:21 -0000 >=20 > I'm particularly interested in the following questions, which are > slightly unclear from the RFCs and what I could find on the list: >=20 > 1. Did X9.42 DH ever see widespread use in any context? (If so, is > there a reference for the ASFs used?) I recall *using* prime-field DH > with an OpenPGP client many years ago, but I believe that it was > especially patched as a test of that functionality. I'm not aware of anyone actually implementing it. It dates from a dream = of being able to cross-code OpenPGP and S/MIME, but I don't think anyone = actually ever did it. > 2. Is it intended for SHA-1 to be permitted for use with the Iterated > and Salted S2K method in RFC 6637 for private key storage? (The plain > text of the RFC does not forbid it, even though it forbids its use as > an ECDH KDF.) It is implicitly forbidden for use as the S2K algorithm > in packet compositions with ECDH and SKESK packets at the 192-bit > security level -- its output is only 180 bits.) It's reasonable to use SHA-1 for a symmetric cipher with key less than = 160 bits.=20 I believe that the last sentence of 3.7.1.3: After the hashing is done, the data is unloaded from the hash context(s) as with the other S2K algorithms. describes how you'd do it, as per 3.7.1.1 with multiple hash contexts. = The word "context(s)" leads me to this. If you looked at the GnuPG source code and considered it definitive, = that's likely good, as I remember that import of private keys always = worked cross-system. > 3. Are there any common packet types, signature packet subtypes, or > algorithms that are moderately interoperable (e.g., recognized by most > PGP software or keyservers) but not included in an RFC? (E.g., I think > that GnuPG's(?) keyring format contains some things that other > software recognizes.) The "keyring trust packets" which are obliquely described in RFC 1991 = interoperate, so far as I know. PGP 2.X used them, and most people kept = doing it the same way despite the working group being forbidden to = define them and other infrastructure. >=20 > And the following question, which the RFC is clear on: >=20 > 4. RFC 4880 explicitly states that a user ID and signature are > optional for a public or private key packet composition to be > importable. Most(?) PGP software requires both for prime-based keys. > I'd suggest that requiring a signature is undesirable for ECDH or DH > keys. Are there any implementations that support this at present? Or > should the requirement for user ID and signature packets just be added > as a consensus constraint that hasn't made it to RFC form yet? The top-level public key of a "key" must be a key capable of signing. So = you can't use a DH key of any type as the top-level key. You can use a = DSA or ECDSA or RSA key as a top-level key. >=20 > (The source for the grammar is under > https://github.com/coruus/openpgp-semantics) >=20 > The syntax is attached as a "Markdown" file, but I recommend reading > it in a monospaced font. >=20 > -dlg >=20 > [^nb]: This is not to suggest, of course, that there is any substitute > for reading the RFCs. Or in some cases, reading the code. Jon= From nobody Thu Jul 10 12:16:10 2014 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A954D1A0B07 for ; Thu, 10 Jul 2014 12:16:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mKUr6e3BaMRX for ; Thu, 10 Jul 2014 12:16:06 -0700 (PDT) Received: from mail-vc0-x22a.google.com (mail-vc0-x22a.google.com [IPv6:2607:f8b0:400c:c03::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86B031A0352 for ; Thu, 10 Jul 2014 12:16:06 -0700 (PDT) Received: by mail-vc0-f170.google.com with SMTP id hy10so62104vcb.29 for ; Thu, 10 Jul 2014 12:16:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=YDewSCoTxEhNkEm95efaJVjAuayum6E0PCHG3UZ48Dw=; b=ds4t0TPdyiJGa7QBQQRO8+0qy/Gtsg7HtTNxEVwu/LJ5Ezn9ouI+zvw1/y7leAd3Lr GcZFDC/j+vnS7TJZFd8uMgxlJ2o6yabt+JIFe+DZixtB3wGbKUu5Wa4kt0Fk0zBeqT85 zarYQHc29BY5l4pGT3E6N+PUCHUT5qyJHvVYI1fI7lQL4d9DQcxB/CUrWRcDSOMu/HdM 2W7Q7fr5sNUZX/6Zx7w5WP2Ka+krvJb1k8Ol5JD3Lbt7c5JtCoi8fMUHKlpWuMAKtPQA GbMNAnMf7syCuUMKg3l7OyGWszgABy/JfWUWLwuCc8MQ95S5iwkQXkC+wG21geO5UTrI LkIg== X-Received: by 10.58.48.193 with SMTP id o1mr1763009ven.68.1405019765649; Thu, 10 Jul 2014 12:16:05 -0700 (PDT) MIME-Version: 1.0 Received: by 10.52.101.198 with HTTP; Thu, 10 Jul 2014 12:15:45 -0700 (PDT) In-Reply-To: References: From: David Leon Gil Date: Thu, 10 Jul 2014 15:15:45 -0400 Message-ID: To: Jon Callas , openpgp@ietf.org, clint@debian.org Content-Type: multipart/alternative; boundary=089e0115ec9208b92d04fddba8c8 Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/9HXc9ov-Xddq4MXuahrxUehuejs Subject: Re: [openpgp] OpenPGP semantics; questions re DH, SHA-1 with EC privkeys X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Jul 2014 19:16:08 -0000 --089e0115ec9208b92d04fddba8c8 Content-Type: text/plain; charset=UTF-8 Clint: In fact, your work on hOpenPGP was the inspiration for what I'm up to! (Details probably not yet interesting to the list-at-large; but yes, think it's feasible to link up with implementations.) Jon: > > 2. Is it intended for SHA-1 to be permitted for use with the Iterated > > and Salted S2K method in RFC 6637 for private key storage? (The plain > > text of the RFC does not forbid it, even though it forbids its use as > > an ECDH KDF.) It is implicitly forbidden for use as the S2K algorithm > > in packet compositions with ECDH and SKESK packets at the 192-bit > > security level -- its output is only 180 bits.) > > It's reasonable to use SHA-1 for a symmetric cipher with key less than 160 > bits. > Appreciate the confirmation/correction. (The text prohibiting SHA-1 for the KDF in 6637 is so close to the text requiring I&S that I wondered whether S2K had been omitted in error...) The "keyring trust packets" which are obliquely described in RFC 1991 > interoperate, so far as I know. PGP 2.X used them, and most people kept > doing it the same way despite the working group being forbidden to define > them and other infrastructure. Thanks much for the reference. I'll take a look at a few implementations (I've been trying to avoid specifying GnuPG's behavior rather than interoperable behavior). > The top-level public key of a "key" must be a key capable of signing. So > you can't use a DH key of any type as the top-level key. You can use a DSA > or ECDSA or RSA key as a top-level key. You're right. I wasn't taking into account the effect of the packet-composition rules; those require that V4 primary keys be capable of certification (and V3 primary keys are always RSA). And I guess, from the silence on this point, my question is answered: Even though the RFC states that signatures are optional, even for primary keys, implementations don't ordinarily import keys without them. > Or in some cases, reading the code. Agreed. -dlg --089e0115ec9208b92d04fddba8c8 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Clint: In fact, your work on hOpenPGP was the inspiration for what I'm= up to!

(Details probably not yet interesting to t= he list-at-large; but yes, think it's feasible to link up with implemen= tations.)

Jon:
=C2=A0
> 2. Is it intended for SHA-1 to be permitted for use with the Iterated<= br> > and Salted S2K method in RFC 6637 for private key storage? (The plain<= br> > text of the RFC does not forbid it, even though it forbids its use as<= br> > an ECDH KDF.) It is implicitly forbidden for use as the S2K algorithm<= br> > in packet compositions with ECDH and SKESK packets at the 192-bit
> security level -- its output is only 180 bits.)

It's reasonable to use SHA-1 for a symmetric cipher with key less= than 160 bits.

Appreciate the confirma= tion/correction.

(The text prohibiting SHA-1 for t= he KDF in 6637 is so close to the text requiring I&S that I wondered wh= ether S2K had been omitted in error...)

The "keyring trust packets" which= are obliquely described in RFC 1991 interoperate, so far as I know. PGP 2.= X used them, and most people kept doing it the same way despite the working= group being forbidden to define them and other infrastructure.

Thanks much for the reference. I'll take a look at = a few implementations (I've been trying to avoid specifying GnuPG's= behavior rather than interoperable behavior).
=C2=A0
The top-level public key of a "key" must be a key capable of sign= ing. So you can't use a DH key of any type as the top-level key. You ca= n use a DSA or ECDSA or RSA key as a top-level key.

You're right. I wasn't taking into account the effect of= the packet-composition rules; those require that V4 primary keys be capabl= e of certification (and V3 primary keys are always RSA).=C2=A0
And I guess, from the silence on this point, my question is answ= ered: Even though the RFC states that signatures are optional, even for pri= mary keys, implementations don't ordinarily import keys without them.= =C2=A0
=C2=A0
Or in some cases, reading the code.

Agreed.

-dlg
= --089e0115ec9208b92d04fddba8c8--