Commit 809b1b1e authored by Sachin Agrawal's avatar Sachin Agrawal

Merging security-M3 to master

Added support for resource access control, anonymous ECDH,
and Just Works Provisioning.

Patch 1 : Squashed all security-M3 patches and rebased to
          common ancestor of security-M3 and master.
Patch 2 : Rebased to master. (Arduino build fails).
Patch 3-4 : Fix the unit test failures.
Patch 5 : Fix the previsioning server send request issue
          by adding token length.
Patch 6 : Fixed Arduino compilation.
Patch 7 : Fixed DTLS handshake issue.
Patch 8 : Fix the build issue.
Patch 9 : Replaced strncmp with memcmp, As token handling is
          from null terminated string to byte buffer.
Patch 10: Rebased with master.
Patch 11-12: OSX Build Failure Fixes.
Patch 13: Updated README related to secure-Iotivity stack.
Patch 14: Fixed issues identified in Patch 5.
Patch 15: Rebased with master to avoid merge conflicts.
Patch 16: Updated commit message

Change-Id: Icae698c3bf377862b561d6ebba1d784058d28adb
Signed-off-by: default avatarSachin Agrawal <sachin.agrawal@intel.com>
Signed-off-by: default avatarSakthivel Samidurai <sakthivel.samidurai@intel.com>
Signed-off-by: Randeep's avatarRandeep Singh <randeep.s@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/1071
parent 41359758
File mode changed from 100644 to 100755
......@@ -30,6 +30,7 @@
#include <stdint.h>
#define WITH_AES_DECRYPT 1
#define AES_MAXKEYBITS (256)
#define AES_MAXKEYBYTES (AES_MAXKEYBITS>>3)
/* for 256-bit keys we need 14 rounds for a 128 we only need 10 round */
......
......@@ -54,6 +54,8 @@
#include "crypto.h"
#include "ccm.h"
#include "ecc/ecc.h"
#include "aes/rijndael.h"
#include "sha2/sha2.h"
#include "prng.h"
#include "netq.h"
......@@ -292,7 +294,7 @@ dtls_mac(dtls_hmac_context_t *hmac_ctx,
}
static size_t
dtls_ccm_encrypt(aes128_ccm_t *ccm_ctx, const unsigned char *src, size_t srclen,
dtls_ccm_encrypt(aes128_t *ccm_ctx, const unsigned char *src, size_t srclen,
unsigned char *buf,
unsigned char *nounce,
const unsigned char *aad, size_t la) {
......@@ -309,7 +311,7 @@ dtls_ccm_encrypt(aes128_ccm_t *ccm_ctx, const unsigned char *src, size_t srclen,
}
static size_t
dtls_ccm_decrypt(aes128_ccm_t *ccm_ctx, const unsigned char *src,
dtls_ccm_decrypt(aes128_t *ccm_ctx, const unsigned char *src,
size_t srclen, unsigned char *buf,
unsigned char *nounce,
const unsigned char *aad, size_t la) {
......@@ -325,6 +327,95 @@ dtls_ccm_decrypt(aes128_ccm_t *ccm_ctx, const unsigned char *src,
return len;
}
static size_t
dtls_cbc_encrypt(aes128_t *aes_ctx,
const unsigned char *iv,
const unsigned char *src, size_t srclen,
unsigned char *buf) {
unsigned char cbc[DTLS_BLK_LENGTH];
unsigned char tmp[DTLS_BLK_LENGTH];
unsigned char *pos;
dtls_hash_ctx shactx;
int i, j;
int blocks;
pos = buf;
dtls_hash_init(&shactx);
dtls_hash_update(&shactx, src, srclen);
dtls_hash_finalize(pos + srclen, &shactx);
memcpy(cbc, iv, DTLS_BLK_LENGTH);
blocks = (srclen + SHA256_DIGEST_LENGTH) / DTLS_BLK_LENGTH;
for (i = 0; i < blocks; i++) {
for (j = 0; j < DTLS_BLK_LENGTH; j++) {
cbc[j] ^= pos[j];
}
rijndael_encrypt(&aes_ctx->ctx, cbc, tmp);
memcpy(cbc, tmp, DTLS_BLK_LENGTH);
memcpy(pos, cbc, DTLS_BLK_LENGTH);
pos += DTLS_BLK_LENGTH;
}
dtls_debug_dump("Encrypted Data:", buf, srclen + SHA256_DIGEST_LENGTH);
return srclen + SHA256_DIGEST_LENGTH;
}
static size_t
dtls_cbc_decrypt(aes128_t *aes_ctx,
const unsigned char *iv,
const unsigned char *src, size_t srclen,
unsigned char *buf) {
unsigned char cbc[DTLS_BLK_LENGTH];
unsigned char tmp[DTLS_BLK_LENGTH];
unsigned char tmp2[DTLS_BLK_LENGTH];
unsigned char msg_hash[SHA256_DIGEST_LENGTH];
unsigned char *pos;
dtls_hash_ctx shactx;
int i, j;
int blocks;
pos = buf;
memcpy(pos, src, srclen);
memcpy(cbc, iv, DTLS_BLK_LENGTH);
blocks = srclen / DTLS_BLK_LENGTH;
for (i = 0; i < blocks; i++)
{
memcpy(tmp, pos, DTLS_BLK_LENGTH);
rijndael_decrypt(&aes_ctx->ctx, pos, tmp2);
memcpy(pos, tmp2, DTLS_BLK_LENGTH);
for (j = 0; j < DTLS_BLK_LENGTH; j++) {
pos[j] ^= cbc[j];
}
memcpy(cbc, tmp, DTLS_BLK_LENGTH);
pos += DTLS_BLK_LENGTH;
}
dtls_hash_init(&shactx);
dtls_hash_update(&shactx, buf, srclen - SHA256_DIGEST_LENGTH);
dtls_hash_finalize(msg_hash, &shactx);
dtls_debug_dump("decrypted data:", buf, srclen);
if(memcmp(msg_hash, buf + (srclen - SHA256_DIGEST_LENGTH), SHA256_DIGEST_LENGTH) != 0)
{
dtls_warn("message is broken\n");
return -1;
}
return srclen - SHA256_DIGEST_LENGTH;
}
#ifdef DTLS_PSK
int
dtls_psk_pre_master_secret(unsigned char *key, size_t keylen,
......@@ -505,21 +596,37 @@ dtls_encrypt(const unsigned char *src, size_t length,
unsigned char *buf,
unsigned char *nounce,
unsigned char *key, size_t keylen,
const unsigned char *aad, size_t la)
const unsigned char *aad, size_t la,
const dtls_cipher_t cipher)
{
int ret;
int ret = 0;
struct dtls_cipher_context_t *ctx = dtls_cipher_context_get();
ret = rijndael_set_key_enc_only(&ctx->data.ctx, key, 8 * keylen);
if (ret < 0) {
/* cleanup everything in case the key has the wrong size */
dtls_warn("cannot set rijndael key\n");
goto error;
if(cipher == TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ||
cipher == TLS_PSK_WITH_AES_128_CCM_8) {
ret = rijndael_set_key_enc_only(&ctx->data.ctx, key, 8 * keylen);
if (ret < 0) {
/* cleanup everything in case the key has the wrong size */
dtls_warn("cannot set rijndael key\n");
goto error;
}
if (src != buf)
memmove(buf, src, length);
ret = dtls_ccm_encrypt(&ctx->data, src, length, buf, nounce, aad, la);
}
if(cipher == TLS_ECDH_anon_WITH_AES_128_CBC_SHA) {
ret = rijndael_set_key(&ctx->data.ctx, key, 8 * keylen);
if (ret < 0) {
/* cleanup everything in case the key has the wrong size */
dtls_warn("cannot set rijndael key\n");
goto error;
}
if (src != buf)
memmove(buf, src, length);
ret = dtls_cbc_encrypt(&ctx->data, nounce, src, length, buf);
}
if (src != buf)
memmove(buf, src, length);
ret = dtls_ccm_encrypt(&ctx->data, src, length, buf, nounce, aad, la);
error:
dtls_cipher_context_release();
......@@ -531,21 +638,38 @@ dtls_decrypt(const unsigned char *src, size_t length,
unsigned char *buf,
unsigned char *nounce,
unsigned char *key, size_t keylen,
const unsigned char *aad, size_t la)
const unsigned char *aad, size_t la,
const dtls_cipher_t cipher)
{
int ret;
int ret = 0;
struct dtls_cipher_context_t *ctx = dtls_cipher_context_get();
ret = rijndael_set_key_enc_only(&ctx->data.ctx, key, 8 * keylen);
if (ret < 0) {
/* cleanup everything in case the key has the wrong size */
dtls_warn("cannot set rijndael key\n");
goto error;
if(cipher == TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ||
cipher == TLS_PSK_WITH_AES_128_CCM_8) {
ret = rijndael_set_key_enc_only(&ctx->data.ctx, key, 8 * keylen);
if (ret < 0) {
/* cleanup everything in case the key has the wrong size */
dtls_warn("cannot set rijndael key\n");
goto error;
}
if (src != buf)
memmove(buf, src, length);
ret = dtls_ccm_decrypt(&ctx->data, src, length, buf, nounce, aad, la);
}
if (src != buf)
memmove(buf, src, length);
ret = dtls_ccm_decrypt(&ctx->data, src, length, buf, nounce, aad, la);
if(cipher == TLS_ECDH_anon_WITH_AES_128_CBC_SHA) {
ret = rijndael_set_key(&ctx->data.ctx, key, 8 * keylen);
if (ret < 0) {
/* cleanup everything in case the key has the wrong size */
dtls_warn("cannot set rijndael key\n");
goto error;
}
if (src != buf)
memmove(buf, src, length);
ret = dtls_cbc_decrypt(&ctx->data, nounce, src, length, buf);
}
error:
dtls_cipher_context_release();
......
......@@ -69,11 +69,11 @@ typedef enum {
/** Crypto context for TLS_PSK_WITH_AES_128_CCM_8 cipher suite. */
typedef struct {
rijndael_ctx ctx; /**< AES-128 encryption context */
} aes128_ccm_t;
} aes128_t;
typedef struct dtls_cipher_context_t {
/** numeric identifier of this cipher suite in host byte order. */
aes128_ccm_t data; /**< The crypto context */
aes128_t data; /**< The crypto context */
} dtls_cipher_context_t;
typedef struct {
......@@ -82,7 +82,8 @@ typedef struct {
uint8 other_eph_pub_y[32];
uint8 other_pub_x[32];
uint8 other_pub_y[32];
} dtls_handshake_parameters_ecdsa_t;
} dtls_handshake_parameters_ecc_t;
/* This is the maximal supported length of the psk client identity and psk
* server identity hint */
......@@ -129,7 +130,7 @@ typedef struct {
unsigned int do_client_auth:1;
union {
#ifdef DTLS_ECC
dtls_handshake_parameters_ecdsa_t ecdsa;
dtls_handshake_parameters_ecc_t ecc;
#endif /* DTLS_ECC */
#ifdef DTLS_PSK
dtls_handshake_parameters_psk_t psk;
......@@ -265,7 +266,8 @@ int dtls_encrypt(const unsigned char *src, size_t length,
unsigned char *buf,
unsigned char *nounce,
unsigned char *key, size_t keylen,
const unsigned char *aad, size_t aad_length);
const unsigned char *aad, size_t aad_length,
const dtls_cipher_t cipher);
/**
* Decrypts the given buffer \p src of given \p length, writing the
......@@ -289,7 +291,8 @@ int dtls_decrypt(const unsigned char *src, size_t length,
unsigned char *buf,
unsigned char *nounce,
unsigned char *key, size_t keylen,
const unsigned char *a_data, size_t a_data_length);
const unsigned char *a_data, size_t a_data_length,
const dtls_cipher_t cipher);
/* helper functions */
......
This diff is collapsed.
......@@ -60,12 +60,12 @@ typedef enum dtls_credentials_type_t {
DTLS_PSK_HINT, DTLS_PSK_IDENTITY, DTLS_PSK_KEY
} dtls_credentials_type_t;
typedef struct dtls_ecdsa_key_t {
typedef struct dtls_ecc_key_t {
dtls_ecdh_curve curve;
const unsigned char *priv_key; /** < private key as bytes > */
const unsigned char *pub_key_x; /** < x part of the public key for the given private key > */
const unsigned char *pub_key_y; /** < y part of the public key for the given private key > */
} dtls_ecdsa_key_t;
} dtls_ecc_key_t;
/** Length of the secret that is used for generating Hello Verify cookies. */
#define DTLS_COOKIE_SECRET_LENGTH 12
......@@ -183,7 +183,7 @@ typedef struct {
*/
int (*get_ecdsa_key)(struct dtls_context_t *ctx,
const session_t *session,
const dtls_ecdsa_key_t **result);
const dtls_ecc_key_t **result);
/**
* Called during handshake to check the peer's pubic key in this
......@@ -238,6 +238,10 @@ typedef struct dtls_context_t {
dtls_handler_t *h; /**< callback handlers */
dtls_cipher_enable_t is_anon_ecdh_eabled; /**< enable/disable the TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
dtls_cipher_t selected_cipher; /**< selected ciper suite for handshake */
unsigned char readbuf[DTLS_MAX_BUF];
} dtls_context_t;
......@@ -263,6 +267,24 @@ static inline void dtls_set_handler(dtls_context_t *ctx, dtls_handler_t *h) {
ctx->h = h;
}
/**
* @brief Enabling the TLS_ECDH_anon_WITH_AES_128_CBC_SHA
*
* @param ctx The DTLS context to use.
* @param is_enable DTLS_CIPHER_ENABLE(1) or DTLS_CIPHER_DISABLE(0)
*/
void dtls_enables_anon_ecdh(dtls_context_t* ctx, dtls_cipher_enable_t is_enable);
/**
* @brief Select the cipher suite for handshake
*
* @param ctx The DTLS context to use.
* @param cipher TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xC018)
* TLS_PSK_WITH_AES_128_CCM_8 (0xX0A8)
* TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (0xC0AE)
*/
void dtls_select_cipher(dtls_context_t* ctx, const dtls_cipher_t cipher);
/**
* Establishes a DTLS channel with the specified remote peer @p dst.
* This function returns @c 0 if that channel already exists, a value
......@@ -415,6 +437,30 @@ int dtls_handle_message(dtls_context_t *ctx, session_t *session,
dtls_peer_t *dtls_get_peer(const dtls_context_t *context,
const session_t *session);
/**
* Invokes the DTLS PRF using the current key block for @p session as
* key and @p label + @p random1 + @p random2 as its input. This function
* writes upto @p buflen bytes into the given output buffer @p buf.
*
* @param ctx The dtls context to use.
* @param session The session whose key shall be used.
* @param label A PRF label.
* @param labellen Actual length of @p label.
* @param random1 Random seed.
* @param random1len Actual length of @p random1 (may be zero).
* @param random2 Random seed.
* @param random2len Actual length of @p random2 (may be zero).
* @param buf Output buffer for generated random data.
* @param buflen Maximum size of @p buf.
*
* @return The actual number of bytes written to @p buf or @c 0 on error.
*/
size_t dtls_prf_with_current_keyblock(dtls_context_t *ctx, session_t *session,
const uint8_t* label, const uint32_t labellen,
const uint8_t* random1, const uint32_t random1len,
const uint8_t* random2, const uint32_t random2len,
uint8_t* buf, const uint32_t buflen);
#endif /* _DTLS_DTLS_H_ */
......
File mode changed from 100644 to 100755
File mode changed from 100644 to 100755
/*
* Copyright (c) 2009 Chris K Cockrum <ckc@cockrum.net>
*
* Copyright (c) 2013 Jens Trillmann <jtrillma@tzi.de>
* Copyright (c) 2013 Marc Müller-Weinhardt <muewei@tzi.de>
* Copyright (c) 2013 Lars Schmertmann <lars@tzi.de>
* Copyright (c) 2013 Hauke Mehrtens <hauke@hauke-m.de>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
*
* This implementation is based in part on the paper Implementation of an
* Elliptic Curve Cryptosystem on an 8-bit Microcontroller [0] by
* Chris K Cockrum <ckc@cockrum.net>.
*
* [0]: http://cockrum.net/Implementation_of_ECC_on_an_8-bit_microcontroller.pdf
*
* This is a efficient ECC implementation on the secp256r1 curve for 32 Bit CPU
* architectures. It provides basic operations on the secp256r1 curve and support
* for ECDH and ECDSA.
*/
#include "test_helper.h"
#include "ecc.h"
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
void ecc_printNumber(const uint32_t *x, int numberLength){ //here the values are turned to MSB!
int n;
for(n = numberLength - 1; n >= 0; n--){
printf("%08x", x[n]);
}
printf("\n");
}
void ecc_setRandom(uint32_t *secret){
int i;
for (i = 0; i < arrayLength; ++i)
{
secret[i] = rand();
}
}
const uint32_t ecc_prime_m[8] = {0xffffffff, 0xffffffff, 0xffffffff, 0x00000000,
0x00000000, 0x00000000, 0x00000001, 0xffffffff};
/* This is added after an static byte addition if the answer has a carry in MSB*/
const uint32_t ecc_prime_r[8] = {0x00000001, 0x00000000, 0x00000000, 0xffffffff,
0xffffffff, 0xffffffff, 0xfffffffe, 0x00000000};
#ifdef CONTIKI
void
test_assert(const char *file, int lineno)
{
printf("Assertion failed: file %s, line %d.\n", file, lineno);
/*
* loop for a while;
* call _reset_vector__();
*/
}
#endif
/*
* Copyright (c) 2009 Chris K Cockrum <ckc@cockrum.net>
*
* Copyright (c) 2013 Jens Trillmann <jtrillma@tzi.de>
* Copyright (c) 2013 Marc Müller-Weinhardt <muewei@tzi.de>
* Copyright (c) 2013 Lars Schmertmann <lars@tzi.de>
* Copyright (c) 2013 Hauke Mehrtens <hauke@hauke-m.de>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
*
* This implementation is based in part on the paper Implementation of an
* Elliptic Curve Cryptosystem on an 8-bit Microcontroller [0] by
* Chris K Cockrum <ckc@cockrum.net>.
*
* [0]: http://cockrum.net/Implementation_of_ECC_on_an_8-bit_microcontroller.pdf
*
* This is a efficient ECC implementation on the secp256r1 curve for 32 Bit CPU
* architectures. It provides basic operations on the secp256r1 curve and support
* for ECDH and ECDSA.
*/
#include <inttypes.h>
extern const uint32_t ecc_prime_m[8];
extern const uint32_t ecc_prime_r[8];
//debug function to print long numbers
void ecc_printNumber(const uint32_t *x, int numberLength);
void ecc_setRandom(uint32_t *secret);
#ifdef CONTIKI
#undef assert
#define assert(e) ((e) ? (void)0 : test_assert(__FILE__, __LINE__))
void test_assert(const char *, int);
#endif
/*
* Copyright (c) 2009 Chris K Cockrum <ckc@cockrum.net>
*
* Copyright (c) 2013 Jens Trillmann <jtrillma@tzi.de>
* Copyright (c) 2013 Marc Müller-Weinhardt <muewei@tzi.de>
* Copyright (c) 2013 Lars Schmertmann <lars@tzi.de>
* Copyright (c) 2013 Hauke Mehrtens <hauke@hauke-m.de>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
*
* This implementation is based in part on the paper Implementation of an
* Elliptic Curve Cryptosystem on an 8-bit Microcontroller [0] by
* Chris K Cockrum <ckc@cockrum.net>.
*
* [0]: http://cockrum.net/Implementation_of_ECC_on_an_8-bit_microcontroller.pdf
*
* This is a efficient ECC implementation on the secp256r1 curve for 32 Bit CPU
* architectures. It provides basic operations on the secp256r1 curve and support
* for ECDH and ECDSA.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include "ecc.h"
#include "test_helper.h"
#ifdef CONTIKI
#include "contiki.h"
#else
#include <time.h>
#endif /* CONTIKI */
//These are testvalues taken from the NIST P-256 definition
//6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296
uint32_t BasePointx[8] = { 0xd898c296, 0xf4a13945, 0x2deb33a0, 0x77037d81,
0x63a440f2, 0xf8bce6e5, 0xe12c4247, 0x6b17d1f2};
//4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5
uint32_t BasePointy[8] = { 0x37bf51f5, 0xcbb64068, 0x6b315ece, 0x2bce3357,
0x7c0f9e16, 0x8ee7eb4a, 0xfe1a7f9b, 0x4fe342e2};
//de2444be bc8d36e6 82edd27e 0f271508 617519b3 221a8fa0 b77cab39 89da97c9
uint32_t Sx[8] = { 0x89da97c9, 0xb77cab39, 0x221a8fa0, 0x617519b3,
0x0f271508, 0x82edd27e, 0xbc8d36e6, 0xde2444be};
//c093ae7f f36e5380 fc01a5aa d1e66659 702de80f 53cec576 b6350b24 3042a256
uint32_t Sy[8] = { 0x3042a256, 0xb6350b24, 0x53cec576, 0x702de80f,
0xd1e66659, 0xfc01a5aa, 0xf36e5380, 0xc093ae7f};
//55a8b00f 8da1d44e 62f6b3b2 5316212e 39540dc8 61c89575 bb8cf92e 35e0986b
uint32_t Tx[8] = { 0x35e0986b, 0xbb8cf92e, 0x61c89575, 0x39540dc8,
0x5316212e, 0x62f6b3b2, 0x8da1d44e, 0x55a8b00f};
//5421c320 9c2d6c70 4835d82a c4c3dd90 f61a8a52 598b9e7a b656e9d8 c8b24316
uint32_t Ty[8] = { 0xc8b24316, 0xb656e9d8, 0x598b9e7a, 0xf61a8a52,
0xc4c3dd90, 0x4835d82a, 0x9c2d6c70, 0x5421c320};
//c51e4753 afdec1e6 b6c6a5b9 92f43f8d d0c7a893 3072708b 6522468b 2ffb06fd
uint32_t secret[8] = { 0x2ffb06fd, 0x6522468b, 0x3072708b, 0xd0c7a893,
0x92f43f8d, 0xb6c6a5b9, 0xafdec1e6, 0xc51e4753};
//72b13dd4 354b6b81 745195e9 8cc5ba69 70349191 ac476bd4 553cf35a 545a067e
uint32_t resultAddx[8] = { 0x545a067e, 0x553cf35a, 0xac476bd4, 0x70349191,
0x8cc5ba69, 0x745195e9, 0x354b6b81, 0x72b13dd4};
//8d585cbb 2e1327d7 5241a8a1 22d7620d c33b1331 5aa5c9d4 6d013011 744ac264
uint32_t resultAddy[8] = { 0x744ac264, 0x6d013011, 0x5aa5c9d4, 0xc33b1331,
0x22d7620d, 0x5241a8a1, 0x2e1327d7, 0x8d585cbb};
//7669e690 1606ee3b a1a8eef1 e0024c33 df6c22f3 b17481b8 2a860ffc db6127b0
uint32_t resultDoublex[8] = { 0xdb6127b0, 0x2a860ffc, 0xb17481b8, 0xdf6c22f3,
0xe0024c33, 0xa1a8eef1, 0x1606ee3b, 0x7669e690};