source: azure_iot_hub/trunk/wolfssl-3.15.7/wolfcrypt/src/dh.c@ 388

Last change on this file since 388 was 388, checked in by coas-nagasima, 5 years ago

Azure IoT Hub Device C SDK を使ったサンプルの追加
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
  • Property svn:mime-type set to text/x-csrc
File size: 78.6 KB
Line 
1/* dh.c
2 *
3 * Copyright (C) 2006-2017 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22
23#ifdef HAVE_CONFIG_H
24 #include <config.h>
25#endif
26
27#include <wolfssl/wolfcrypt/settings.h>
28
29#ifndef NO_DH
30
31#if defined(HAVE_FIPS) && \
32 defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
33
34 /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
35 #define FIPS_NO_WRAPPERS
36
37 #ifdef USE_WINDOWS_API
38 #pragma code_seg(".fipsA$m")
39 #pragma const_seg(".fipsB$m")
40 #endif
41#endif
42
43#include <wolfssl/wolfcrypt/dh.h>
44#include <wolfssl/wolfcrypt/error-crypt.h>
45#include <wolfssl/wolfcrypt/logging.h>
46
47#ifdef WOLFSSL_HAVE_SP_DH
48#include <wolfssl/wolfcrypt/sp.h>
49#endif
50
51#ifdef NO_INLINE
52 #include <wolfssl/wolfcrypt/misc.h>
53#else
54 #define WOLFSSL_MISC_INCLUDED
55 #include <wolfcrypt/src/misc.c>
56#endif
57
58
59/*
60Possible DH enable options:
61 * NO_RSA: Overall control of DH default: on (not defined)
62 * WOLFSSL_OLD_PRIME_CHECK: Disables the new prime number check. It does not
63 directly effect this file, but it does speed up DH
64 removing the testing. It is not recommended to
65 disable the prime checking. default: off
66
67*/
68
69
70#if !defined(USER_MATH_LIB) && !defined(WOLFSSL_DH_CONST)
71 #include <math.h>
72 #define XPOW(x,y) pow((x),(y))
73 #define XLOG(x) log((x))
74#else
75 /* user's own math lib */
76#endif
77
78#ifdef HAVE_FFDHE_2048
79static const byte dh_ffdhe2048_p[] = {
80 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
81 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
82 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
83 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
84 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
85 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
86 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
87 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
88 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
89 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
90 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
91 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
92 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
93 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
94 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
95 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
96 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
97 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
98 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
99 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
100 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
101 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
102 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
103 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
104 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
105 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
106 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
107 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
108 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
109 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
110 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97,
111 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
112};
113static const byte dh_ffdhe2048_g[] = { 0x02 };
114#ifdef HAVE_FFDHE_Q
115static const byte dh_ffdhe2048_q[] = {
116 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
117 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
118 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
119 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
120 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
121 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
122 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
123 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
124 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
125 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
126 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
127 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
128 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
129 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
130 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
131 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
132 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
133 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
134 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
135 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
136 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
137 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
138 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
139 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
140 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
141 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
142 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
143 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
144 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
145 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
146 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x94, 0x2E, 0x4B,
147 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
148};
149#endif /* HAVE_FFDHE_Q */
150
151const DhParams* wc_Dh_ffdhe2048_Get(void)
152{
153 static const DhParams ffdhe2048 = {
154 #ifdef HAVE_FFDHE_Q
155 dh_ffdhe2048_q, sizeof(dh_ffdhe2048_q),
156 #endif /* HAVE_FFDHE_Q */
157 dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p),
158 dh_ffdhe2048_g, sizeof(dh_ffdhe2048_g)
159 };
160 return &ffdhe2048;
161}
162#endif
163
164#ifdef HAVE_FFDHE_3072
165static const byte dh_ffdhe3072_p[] = {
166 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
167 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
168 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
169 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
170 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
171 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
172 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
173 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
174 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
175 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
176 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
177 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
178 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
179 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
180 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
181 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
182 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
183 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
184 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
185 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
186 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
187 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
188 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
189 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
190 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
191 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
192 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
193 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
194 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
195 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
196 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
197 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
198 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
199 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
200 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
201 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
202 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
203 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
204 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
205 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
206 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
207 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
208 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
209 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
210 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
211 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
212 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37,
213 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
214};
215static const byte dh_ffdhe3072_g[] = { 0x02 };
216#ifdef HAVE_FFDHE_Q
217static const byte dh_ffdhe3072_q[] = {
218 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
219 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
220 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
221 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
222 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
223 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
224 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
225 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
226 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
227 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
228 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
229 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
230 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
231 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
232 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
233 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
234 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
235 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
236 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
237 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
238 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
239 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
240 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
241 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
242 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
243 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
244 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
245 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
246 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
247 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
248 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
249 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
250 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
251 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
252 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
253 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
254 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
255 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
256 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
257 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
258 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
259 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
260 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
261 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
262 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
263 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
264 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x63, 0x17, 0x1B,
265 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
266};
267#endif /* HAVE_FFDHE_Q */
268
269const DhParams* wc_Dh_ffdhe3072_Get(void)
270{
271 static const DhParams ffdhe3072 = {
272 #ifdef HAVE_FFDHE_Q
273 dh_ffdhe3072_q, sizeof(dh_ffdhe3072_q),
274 #endif /* HAVE_FFDHE_Q */
275 dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p),
276 dh_ffdhe3072_g, sizeof(dh_ffdhe3072_g)
277 };
278 return &ffdhe3072;
279}
280#endif
281
282#ifdef HAVE_FFDHE_4096
283static const byte dh_ffdhe4096_p[] = {
284 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
285 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
286 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
287 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
288 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
289 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
290 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
291 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
292 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
293 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
294 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
295 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
296 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
297 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
298 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
299 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
300 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
301 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
302 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
303 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
304 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
305 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
306 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
307 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
308 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
309 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
310 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
311 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
312 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
313 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
314 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
315 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
316 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
317 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
318 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
319 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
320 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
321 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
322 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
323 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
324 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
325 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
326 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
327 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
328 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
329 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
330 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
331 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
332 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
333 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
334 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
335 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
336 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
337 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
338 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
339 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
340 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
341 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
342 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
343 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
344 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
345 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
346 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A,
347 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
348};
349static const byte dh_ffdhe4096_g[] = { 0x02 };
350#ifdef HAVE_FFDHE_Q
351static const byte dh_ffdhe4096_q[] = {
352 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
353 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
354 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
355 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
356 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
357 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
358 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
359 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
360 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
361 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
362 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
363 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
364 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
365 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
366 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
367 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
368 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
369 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
370 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
371 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
372 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
373 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
374 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
375 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
376 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
377 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
378 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
379 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
380 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
381 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
382 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
383 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
384 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
385 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
386 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
387 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
388 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
389 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
390 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
391 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
392 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
393 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
394 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
395 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
396 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
397 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
398 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
399 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
400 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
401 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
402 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
403 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
404 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
405 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
406 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
407 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
408 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
409 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
410 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
411 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
412 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
413 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
414 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x32, 0xAF, 0xB5,
415 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
416};
417#endif /* HAVE_FFDHE_Q */
418
419const DhParams* wc_Dh_ffdhe4096_Get(void)
420{
421 static const DhParams ffdhe4096 = {
422 #ifdef HAVE_FFDHE_Q
423 dh_ffdhe4096_q, sizeof(dh_ffdhe4096_q),
424 #endif /* HAVE_FFDHE_Q */
425 dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p),
426 dh_ffdhe4096_g, sizeof(dh_ffdhe4096_g)
427 };
428 return &ffdhe4096;
429}
430#endif
431
432#ifdef HAVE_FFDHE_6144
433static const byte dh_ffdhe6144_p[] = {
434 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
435 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
436 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
437 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
438 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
439 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
440 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
441 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
442 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
443 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
444 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
445 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
446 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
447 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
448 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
449 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
450 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
451 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
452 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
453 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
454 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
455 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
456 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
457 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
458 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
459 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
460 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
461 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
462 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
463 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
464 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
465 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
466 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
467 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
468 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
469 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
470 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
471 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
472 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
473 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
474 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
475 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
476 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
477 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
478 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
479 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
480 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
481 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
482 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
483 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
484 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
485 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
486 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
487 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
488 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
489 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
490 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
491 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
492 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
493 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
494 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
495 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
496 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
497 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
498 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
499 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
500 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
501 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
502 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
503 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
504 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
505 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
506 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
507 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
508 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
509 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
510 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
511 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
512 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
513 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
514 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
515 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
516 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
517 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
518 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
519 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
520 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
521 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
522 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
523 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
524 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
525 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
526 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
527 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
528 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65,
529 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
530};
531static const byte dh_ffdhe6144_g[] = { 0x02 };
532#ifdef HAVE_FFDHE_Q
533static const byte dh_ffdhe6144_q[] = {
534 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
535 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
536 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
537 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
538 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
539 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
540 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
541 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
542 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
543 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
544 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
545 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
546 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
547 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
548 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
549 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
550 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
551 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
552 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
553 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
554 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
555 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
556 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
557 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
558 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
559 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
560 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
561 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
562 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
563 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
564 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
565 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
566 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
567 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
568 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
569 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
570 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
571 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
572 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
573 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
574 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
575 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
576 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
577 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
578 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
579 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
580 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
581 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
582 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
583 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
584 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
585 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
586 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
587 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
588 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
589 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
590 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
591 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
592 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
593 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
594 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
595 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
596 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81,
597 0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, 0x3D,
598 0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, 0x95, 0x1D,
599 0x11, 0xDD, 0x22, 0x21, 0x65, 0x7A, 0x9F, 0x53,
600 0x1D, 0xDA, 0x2A, 0x19, 0x4D, 0xBB, 0x12, 0x64,
601 0x48, 0xBD, 0xEE, 0xB2, 0x58, 0xE0, 0x7E, 0xA6,
602 0x59, 0xC7, 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D,
603 0x66, 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38,
604 0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, 0x0F,
605 0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, 0xDA, 0x3B,
606 0xD2, 0x92, 0x38, 0xFB, 0xD4, 0xD4, 0xB4, 0x88,
607 0x5C, 0x2A, 0x99, 0x17, 0x6D, 0xB1, 0xA0, 0x6C,
608 0x50, 0x07, 0x78, 0x49, 0x1A, 0x82, 0x88, 0xF1,
609 0x85, 0x5F, 0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37,
610 0x3F, 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1,
611 0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, 0xDA,
612 0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, 0x5D, 0xE0,
613 0xCA, 0x63, 0x32, 0x8F, 0x3B, 0xE5, 0x7C, 0xC9,
614 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0D, 0xFB,
615 0x59, 0xD3, 0x9C, 0xE0, 0x91, 0x30, 0x8B, 0x41,
616 0x05, 0x74, 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F,
617 0x7C, 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6,
618 0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, 0xAF,
619 0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, 0x54, 0x23,
620 0x28, 0x2E, 0xE4, 0x16, 0xDC, 0x2A, 0x19, 0xC5,
621 0x72, 0x4F, 0xA9, 0x1A, 0xE4, 0xAD, 0xC8, 0x8B,
622 0xC6, 0x67, 0x96, 0xEA, 0xE5, 0x67, 0x7A, 0x01,
623 0xF6, 0x4E, 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82,
624 0x2D, 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B,
625 0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, 0x34,
626 0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, 0xB0, 0xE0,
627 0xD2, 0x0E, 0xAB, 0x86, 0xBC, 0x9C, 0x6D, 0x6A,
628 0x52, 0x07, 0x19, 0x4E, 0x68, 0x72, 0x07, 0x32,
629 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
630};
631#endif /* HAVE_FFDHE_Q */
632
633const DhParams* wc_Dh_ffdhe6144_Get(void)
634{
635 static const DhParams ffdhe6144 = {
636 #ifdef HAVE_FFDHE_Q
637 dh_ffdhe6144_q, sizeof(dh_ffdhe6144_q),
638 #endif /* HAVE_FFDHE_Q */
639 dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p),
640 dh_ffdhe6144_g, sizeof(dh_ffdhe6144_g)
641 };
642 return &ffdhe6144;
643}
644#endif
645
646#ifdef HAVE_FFDHE_8192
647static const byte dh_ffdhe8192_p[] = {
648 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
649 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
650 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
651 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
652 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
653 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
654 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
655 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
656 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
657 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
658 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
659 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
660 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
661 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
662 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
663 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
664 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
665 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
666 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
667 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
668 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
669 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
670 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
671 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
672 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
673 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
674 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
675 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
676 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
677 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
678 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
679 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
680 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
681 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
682 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
683 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
684 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
685 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
686 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
687 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
688 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
689 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
690 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
691 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
692 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
693 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
694 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
695 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
696 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
697 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
698 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
699 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
700 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
701 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
702 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
703 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
704 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
705 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
706 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
707 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
708 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
709 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
710 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
711 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
712 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
713 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
714 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
715 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
716 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
717 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
718 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
719 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
720 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
721 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
722 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
723 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
724 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
725 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
726 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
727 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
728 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
729 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
730 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
731 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
732 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
733 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
734 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
735 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
736 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
737 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
738 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
739 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
740 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
741 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
742 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA,
743 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38,
744 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64,
745 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43,
746 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E,
747 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF,
748 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29,
749 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65,
750 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02,
751 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4,
752 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82,
753 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C,
754 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51,
755 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22,
756 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74,
757 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE,
758 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C,
759 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC,
760 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B,
761 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9,
762 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0,
763 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31,
764 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57,
765 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8,
766 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E,
767 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30,
768 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E,
769 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE,
770 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D,
771 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D,
772 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E,
773 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C,
774 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C,
775 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
776};
777static const byte dh_ffdhe8192_g[] = { 0x02 };
778#ifdef HAVE_FFDHE_Q
779static const byte dh_ffdhe8192_q[] = {
780 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
781 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
782 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
783 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
784 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
785 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
786 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
787 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
788 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
789 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
790 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
791 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
792 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
793 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
794 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
795 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
796 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
797 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
798 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
799 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
800 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
801 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
802 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
803 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
804 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
805 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
806 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
807 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
808 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
809 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
810 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
811 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
812 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
813 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
814 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
815 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
816 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
817 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
818 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
819 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
820 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
821 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
822 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
823 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
824 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
825 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
826 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
827 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
828 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
829 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
830 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
831 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
832 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
833 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
834 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
835 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
836 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
837 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
838 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
839 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
840 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
841 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
842 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81,
843 0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, 0x3D,
844 0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, 0x95, 0x1D,
845 0x11, 0xDD, 0x22, 0x21, 0x65, 0x7A, 0x9F, 0x53,
846 0x1D, 0xDA, 0x2A, 0x19, 0x4D, 0xBB, 0x12, 0x64,
847 0x48, 0xBD, 0xEE, 0xB2, 0x58, 0xE0, 0x7E, 0xA6,
848 0x59, 0xC7, 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D,
849 0x66, 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38,
850 0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, 0x0F,
851 0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, 0xDA, 0x3B,
852 0xD2, 0x92, 0x38, 0xFB, 0xD4, 0xD4, 0xB4, 0x88,
853 0x5C, 0x2A, 0x99, 0x17, 0x6D, 0xB1, 0xA0, 0x6C,
854 0x50, 0x07, 0x78, 0x49, 0x1A, 0x82, 0x88, 0xF1,
855 0x85, 0x5F, 0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37,
856 0x3F, 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1,
857 0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, 0xDA,
858 0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, 0x5D, 0xE0,
859 0xCA, 0x63, 0x32, 0x8F, 0x3B, 0xE5, 0x7C, 0xC9,
860 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0D, 0xFB,
861 0x59, 0xD3, 0x9C, 0xE0, 0x91, 0x30, 0x8B, 0x41,
862 0x05, 0x74, 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F,
863 0x7C, 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6,
864 0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, 0xAF,
865 0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, 0x54, 0x23,
866 0x28, 0x2E, 0xE4, 0x16, 0xDC, 0x2A, 0x19, 0xC5,
867 0x72, 0x4F, 0xA9, 0x1A, 0xE4, 0xAD, 0xC8, 0x8B,
868 0xC6, 0x67, 0x96, 0xEA, 0xE5, 0x67, 0x7A, 0x01,
869 0xF6, 0x4E, 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82,
870 0x2D, 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B,
871 0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, 0x34,
872 0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, 0xB0, 0xE0,
873 0xD2, 0x0E, 0xAB, 0x86, 0xBC, 0x9C, 0x6D, 0x6A,
874 0x52, 0x07, 0x19, 0x4E, 0x67, 0xFA, 0x35, 0x55,
875 0x1B, 0x56, 0x80, 0x26, 0x7B, 0x00, 0x64, 0x1C,
876 0x0F, 0x21, 0x2D, 0x18, 0xEC, 0xA8, 0xD7, 0x32,
877 0x7E, 0xD9, 0x1F, 0xE7, 0x64, 0xA8, 0x4E, 0xA1,
878 0xB4, 0x3F, 0xF5, 0xB4, 0xF6, 0xE8, 0xE6, 0x2F,
879 0x05, 0xC6, 0x61, 0xDE, 0xFB, 0x25, 0x88, 0x77,
880 0xC3, 0x5B, 0x18, 0xA1, 0x51, 0xD5, 0xC4, 0x14,
881 0xAA, 0xAD, 0x97, 0xBA, 0x3E, 0x49, 0x93, 0x32,
882 0xE5, 0x96, 0x07, 0x8E, 0x60, 0x0D, 0xEB, 0x81,
883 0x14, 0x9C, 0x44, 0x1C, 0xE9, 0x57, 0x82, 0xF2,
884 0x2A, 0x28, 0x25, 0x63, 0xC5, 0xBA, 0xC1, 0x41,
885 0x14, 0x23, 0x60, 0x5D, 0x1A, 0xE1, 0xAF, 0xAE,
886 0x2C, 0x8B, 0x06, 0x60, 0x23, 0x7E, 0xC1, 0x28,
887 0xAA, 0x0F, 0xE3, 0x46, 0x4E, 0x43, 0x58, 0x11,
888 0x5D, 0xB8, 0x4C, 0xC3, 0xB5, 0x23, 0x07, 0x3A,
889 0x28, 0xD4, 0x54, 0x98, 0x84, 0xB8, 0x1F, 0xF7,
890 0x0E, 0x10, 0xBF, 0x36, 0x1C, 0x13, 0x72, 0x96,
891 0x28, 0xD5, 0x34, 0x8F, 0x07, 0x21, 0x1E, 0x7E,
892 0x4C, 0xF4, 0xF1, 0x8B, 0x28, 0x60, 0x90, 0xBD,
893 0xB1, 0x24, 0x0B, 0x66, 0xD6, 0xCD, 0x4A, 0xFC,
894 0xEA, 0xDC, 0x00, 0xCA, 0x44, 0x6C, 0xE0, 0x50,
895 0x50, 0xFF, 0x18, 0x3A, 0xD2, 0xBB, 0xF1, 0x18,
896 0xC1, 0xFC, 0x0E, 0xA5, 0x1F, 0x97, 0xD2, 0x2B,
897 0x8F, 0x7E, 0x46, 0x70, 0x5D, 0x45, 0x27, 0xF4,
898 0x5B, 0x42, 0xAE, 0xFF, 0x39, 0x58, 0x53, 0x37,
899 0x6F, 0x69, 0x7D, 0xD5, 0xFD, 0xF2, 0xC5, 0x18,
900 0x7D, 0x7D, 0x5F, 0x0E, 0x2E, 0xB8, 0xD4, 0x3F,
901 0x17, 0xBA, 0x0F, 0x7C, 0x60, 0xFF, 0x43, 0x7F,
902 0x53, 0x5D, 0xFE, 0xF2, 0x98, 0x33, 0xBF, 0x86,
903 0xCB, 0xE8, 0x8E, 0xA4, 0xFB, 0xD4, 0x22, 0x1E,
904 0x84, 0x11, 0x72, 0x83, 0x54, 0xFA, 0x30, 0xA7,
905 0x00, 0x8F, 0x15, 0x4A, 0x41, 0xC7, 0xFC, 0x46,
906 0x6B, 0x46, 0x45, 0xDB, 0xE2, 0xE3, 0x21, 0x26,
907 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
908};
909#endif /* HAVE_FFDHE_Q */
910
911const DhParams* wc_Dh_ffdhe8192_Get(void)
912{
913 static const DhParams ffdhe8192 = {
914 #ifdef HAVE_FFDHE_Q
915 dh_ffdhe8192_q, sizeof(dh_ffdhe8192_q),
916 #endif /* HAVE_FFDHE_Q */
917 dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p),
918 dh_ffdhe8192_g, sizeof(dh_ffdhe8192_g)
919 };
920 return &ffdhe8192;
921}
922#endif
923
924int wc_InitDhKey_ex(DhKey* key, void* heap, int devId)
925{
926 int ret = 0;
927
928 if (key == NULL)
929 return BAD_FUNC_ARG;
930
931 key->heap = heap; /* for XMALLOC/XFREE in future */
932
933 if (mp_init_multi(&key->p, &key->g, &key->q, NULL, NULL, NULL) != MP_OKAY)
934 return MEMORY_E;
935
936#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
937 /* handle as async */
938 ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_DH,
939 key->heap, devId);
940#else
941 (void)devId;
942#endif
943
944 return ret;
945}
946
947int wc_InitDhKey(DhKey* key)
948{
949 return wc_InitDhKey_ex(key, NULL, INVALID_DEVID);
950}
951
952
953int wc_FreeDhKey(DhKey* key)
954{
955 if (key) {
956 mp_clear(&key->p);
957 mp_clear(&key->g);
958 mp_clear(&key->q);
959
960 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
961 wolfAsync_DevCtxFree(&key->asyncDev, WOLFSSL_ASYNC_MARKER_DH);
962 #endif
963 }
964 return 0;
965}
966
967
968#ifndef WC_NO_RNG
969/* if defined to not use floating point values do not compile in */
970#ifndef WOLFSSL_DH_CONST
971 static word32 DiscreteLogWorkFactor(word32 n)
972 {
973 /* assuming discrete log takes about the same time as factoring */
974 if (n < 5)
975 return 0;
976 else
977 return (word32)(2.4 * XPOW((double)n, 1.0/3.0) *
978 XPOW(XLOG((double)n), 2.0/3.0) - 5);
979 }
980#endif /* WOLFSSL_DH_CONST*/
981
982
983/* if not using fixed points use DiscreteLogWorkFactor function for unsual size
984 otherwise round up on size needed */
985#ifndef WOLFSSL_DH_CONST
986 #define WOLFSSL_DH_ROUND(x)
987#else
988 #define WOLFSSL_DH_ROUND(x) \
989 do { \
990 if (x % 128) { \
991 x &= 0xffffff80;\
992 x += 128; \
993 } \
994 } \
995 while (0)
996#endif
997
998
999#ifndef WOLFSSL_NO_DH186
1000/* validate that (L,N) match allowed sizes from SP 800-56A, Section 5.5.1.1.
1001 * modLen - represents L, the size of p in bits
1002 * divLen - represents N, the size of q in bits
1003 * return 0 on success, -1 on error */
1004static int CheckDhLN(int modLen, int divLen)
1005{
1006 int ret = -1;
1007
1008 switch (modLen) {
1009 /* FA */
1010 case 1024:
1011 if (divLen == 160)
1012 ret = 0;
1013 break;
1014 /* FB, FC */
1015 case 2048:
1016 if (divLen == 224 || divLen == 256)
1017 ret = 0;
1018 break;
1019 default:
1020 break;
1021 }
1022
1023 return ret;
1024}
1025
1026
1027/* Create DH private key
1028 *
1029 * Based on NIST FIPS 186-4,
1030 * "B.1.1 Key Pair Generation Using Extra Random Bits"
1031 *
1032 * dh - pointer to initialized DhKey structure, needs to have dh->q
1033 * rng - pointer to initialized WC_RNG structure
1034 * priv - output location for generated private key
1035 * privSz - IN/OUT, size of priv buffer, size of generated private key
1036 *
1037 * return 0 on success, negative on error */
1038static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv,
1039 word32* privSz)
1040{
1041 byte* cBuf;
1042 int qSz, pSz, cSz, err;
1043#ifdef WOLFSSL_SMALL_STACK
1044 mp_int* tmpQ = NULL;
1045 mp_int* tmpX = NULL;
1046#else
1047 mp_int tmpQ[1], tmpX[1];
1048#endif
1049
1050 /* Parameters validated in calling functions. */
1051
1052 if (mp_iszero(&key->q) == MP_YES) {
1053 WOLFSSL_MSG("DH q parameter needed for FIPS 186-4 key generation");
1054 return BAD_FUNC_ARG;
1055 }
1056
1057 qSz = mp_unsigned_bin_size(&key->q);
1058 pSz = mp_unsigned_bin_size(&key->p);
1059
1060 /* verify (L,N) pair bit lengths */
1061 if (CheckDhLN(pSz * WOLFSSL_BIT_SIZE, qSz * WOLFSSL_BIT_SIZE) != 0) {
1062 WOLFSSL_MSG("DH param sizes do not match SP 800-56A requirements");
1063 return BAD_FUNC_ARG;
1064 }
1065
1066 /* generate extra 64 bits so that bias from mod function is negligible */
1067 cSz = qSz + (64 / WOLFSSL_BIT_SIZE);
1068 cBuf = (byte*)XMALLOC(cSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1069 if (cBuf == NULL) {
1070 return MEMORY_E;
1071 }
1072#ifdef WOLFSSL_SMALL_STACK
1073 tmpQ = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1074 if (tmpQ == NULL) {
1075 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1076 return MEMORY_E;
1077 }
1078 tmpX = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1079 if (tmpX == NULL) {
1080 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1081 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
1082 return MEMORY_E;
1083 }
1084#endif
1085
1086
1087 if ((err = mp_init_multi(tmpX, tmpQ, NULL, NULL, NULL, NULL))
1088 != MP_OKAY) {
1089 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1090#ifdef WOLFSSL_SMALL_STACK
1091 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
1092 XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH);
1093#endif
1094 return err;
1095 }
1096
1097 do {
1098 /* generate N+64 bits (c) from RBG into tmpX, making sure positive.
1099 * Hash_DRBG uses SHA-256 which matches maximum
1100 * requested_security_strength of (L,N) */
1101 err = wc_RNG_GenerateBlock(rng, cBuf, cSz);
1102 if (err == MP_OKAY)
1103 err = mp_read_unsigned_bin(tmpX, cBuf, cSz);
1104 if (err != MP_OKAY) {
1105 mp_clear(tmpX);
1106 mp_clear(tmpQ);
1107 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1108#ifdef WOLFSSL_SMALL_STACK
1109 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
1110 XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH);
1111#endif
1112 return err;
1113 }
1114 } while (mp_cmp_d(tmpX, 1) != MP_GT);
1115
1116 ForceZero(cBuf, cSz);
1117 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1118
1119 /* tmpQ = q - 1 */
1120 if (err == MP_OKAY)
1121 err = mp_copy(&key->q, tmpQ);
1122
1123 if (err == MP_OKAY)
1124 err = mp_sub_d(tmpQ, 1, tmpQ);
1125
1126 /* x = c mod (q-1), tmpX holds c */
1127 if (err == MP_OKAY)
1128 err = mp_mod(tmpX, tmpQ, tmpX);
1129
1130 /* x = c mod (q-1) + 1 */
1131 if (err == MP_OKAY)
1132 err = mp_add_d(tmpX, 1, tmpX);
1133
1134 /* copy tmpX into priv */
1135 if (err == MP_OKAY) {
1136 pSz = mp_unsigned_bin_size(tmpX);
1137 if (pSz > (int)*privSz) {
1138 WOLFSSL_MSG("DH private key output buffer too small");
1139 err = BAD_FUNC_ARG;
1140 } else {
1141 *privSz = pSz;
1142 err = mp_to_unsigned_bin(tmpX, priv);
1143 }
1144 }
1145
1146 mp_forcezero(tmpX);
1147 mp_clear(tmpX);
1148 mp_clear(tmpQ);
1149#ifdef WOLFSSL_SMALL_STACK
1150 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
1151 XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH);
1152#endif
1153
1154 return err;
1155}
1156#endif /* WOLFSSL_NO_DH186 */
1157#endif /* !WC_NO_RNG */
1158
1159static int GeneratePrivateDh(DhKey* key, WC_RNG* rng, byte* priv,
1160 word32* privSz)
1161{
1162#ifndef WC_NO_RNG
1163 int ret = 0;
1164 word32 sz = 0;
1165
1166#ifndef WOLFSSL_NO_DH186
1167 if (mp_iszero(&key->q) == MP_NO) {
1168
1169 /* q param available, use NIST FIPS 186-4, "B.1.1 Key Pair
1170 * Generation Using Extra Random Bits" */
1171 ret = GeneratePrivateDh186(key, rng, priv, privSz);
1172
1173 } else
1174#endif
1175 {
1176
1177 sz = mp_unsigned_bin_size(&key->p);
1178
1179 /* Table of predetermined values from the operation
1180 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) /
1181 WOLFSSL_BIT_SIZE + 1
1182 Sizes in table checked against RFC 3526
1183 */
1184 WOLFSSL_DH_ROUND(sz); /* if using fixed points only, then round up */
1185 switch (sz) {
1186 case 128: sz = 21; break;
1187 case 256: sz = 29; break;
1188 case 384: sz = 34; break;
1189 case 512: sz = 39; break;
1190 case 640: sz = 42; break;
1191 case 768: sz = 46; break;
1192 case 896: sz = 49; break;
1193 case 1024: sz = 52; break;
1194 default:
1195 #ifndef WOLFSSL_DH_CONST
1196 /* if using floating points and size of p is not in table */
1197 sz = min(sz, 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) /
1198 WOLFSSL_BIT_SIZE + 1);
1199 break;
1200 #else
1201 return BAD_FUNC_ARG;
1202 #endif
1203 }
1204
1205 ret = wc_RNG_GenerateBlock(rng, priv, sz);
1206
1207 if (ret == 0) {
1208 priv[0] |= 0x0C;
1209 *privSz = sz;
1210 }
1211 }
1212
1213 return ret;
1214#else
1215 (void)key;
1216 (void)rng;
1217 (void)priv;
1218 (void)privSz;
1219 return NOT_COMPILED_IN;
1220#endif /* WC_NO_RNG */
1221}
1222
1223
1224static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
1225 byte* pub, word32* pubSz)
1226{
1227 int ret = 0;
1228#ifndef WOLFSSL_SP_MATH
1229#ifdef WOLFSSL_SMALL_STACK
1230 mp_int* x = NULL;
1231 mp_int* y = NULL;
1232#else
1233 mp_int x[1];
1234 mp_int y[1];
1235#endif
1236#endif
1237
1238#ifdef WOLFSSL_HAVE_SP_DH
1239#ifndef WOLFSSL_SP_NO_2048
1240 if (mp_count_bits(&key->p) == 2048)
1241 return sp_DhExp_2048(&key->g, priv, privSz, &key->p, pub, pubSz);
1242#endif
1243#ifndef WOLFSSL_SP_NO_3072
1244 if (mp_count_bits(&key->p) == 3072)
1245 return sp_DhExp_3072(&key->g, priv, privSz, &key->p, pub, pubSz);
1246#endif
1247#endif
1248
1249#ifndef WOLFSSL_SP_MATH
1250#ifdef WOLFSSL_SMALL_STACK
1251 x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1252 if (x == NULL)
1253 return MEMORY_E;
1254 y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1255 if (y == NULL) {
1256 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1257 return MEMORY_E;
1258 }
1259#endif
1260 if (mp_init_multi(x, y, 0, 0, 0, 0) != MP_OKAY) {
1261 #ifdef WOLFSSL_SMALL_STACK
1262 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1263 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1264 #endif
1265 return MP_INIT_E;
1266 }
1267
1268 if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY)
1269 ret = MP_READ_E;
1270
1271 if (ret == 0 && mp_exptmod(&key->g, x, &key->p, y) != MP_OKAY)
1272 ret = MP_EXPTMOD_E;
1273
1274 if (ret == 0 && mp_to_unsigned_bin(y, pub) != MP_OKAY)
1275 ret = MP_TO_E;
1276
1277 if (ret == 0)
1278 *pubSz = mp_unsigned_bin_size(y);
1279
1280 mp_clear(y);
1281 mp_clear(x);
1282#ifdef WOLFSSL_SMALL_STACK
1283 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1284 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1285#endif
1286#else
1287 ret = WC_KEY_SIZE_E;
1288#endif
1289
1290 return ret;
1291}
1292
1293static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
1294 byte* priv, word32* privSz, byte* pub, word32* pubSz)
1295{
1296 int ret;
1297
1298 if (key == NULL || rng == NULL || priv == NULL || privSz == NULL ||
1299 pub == NULL || pubSz == NULL) {
1300 return BAD_FUNC_ARG;
1301 }
1302
1303 ret = GeneratePrivateDh(key, rng, priv, privSz);
1304
1305 return (ret != 0) ? ret : GeneratePublicDh(key, priv, *privSz, pub, pubSz);
1306}
1307
1308#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
1309static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng,
1310 byte* priv, word32* privSz, byte* pub, word32* pubSz)
1311{
1312 int ret;
1313
1314#if defined(HAVE_INTEL_QA)
1315 word32 sz;
1316
1317 /* verify prime is at least 768-bits */
1318 /* QAT HW must have prime at least 768-bits */
1319 sz = mp_unsigned_bin_size(&key->p);
1320 if (sz >= (768/8)) {
1321 mp_int x;
1322
1323 ret = mp_init(&x);
1324 if (ret != MP_OKAY)
1325 return ret;
1326
1327 ret = GeneratePrivateDh(key, rng, priv, privSz);
1328 if (ret == 0)
1329 ret = mp_read_unsigned_bin(&x, priv, *privSz);
1330 if (ret == MP_OKAY)
1331 ret = wc_mp_to_bigint(&x, &x.raw);
1332 if (ret == MP_OKAY)
1333 ret = wc_mp_to_bigint(&key->p, &key->p.raw);
1334 if (ret == MP_OKAY)
1335 ret = wc_mp_to_bigint(&key->g, &key->g.raw);
1336 if (ret == MP_OKAY)
1337 ret = IntelQaDhKeyGen(&key->asyncDev, &key->p.raw, &key->g.raw,
1338 &x.raw, pub, pubSz);
1339 mp_clear(&x);
1340
1341 return ret;
1342 }
1343
1344#elif defined(HAVE_CAVIUM)
1345 /* TODO: Not implemented - use software for now */
1346
1347#else /* WOLFSSL_ASYNC_CRYPT_TEST */
1348 if (wc_AsyncTestInit(&key->asyncDev, ASYNC_TEST_DH_GEN)) {
1349 WC_ASYNC_TEST* testDev = &key->asyncDev.test;
1350 testDev->dhGen.key = key;
1351 testDev->dhGen.rng = rng;
1352 testDev->dhGen.priv = priv;
1353 testDev->dhGen.privSz = privSz;
1354 testDev->dhGen.pub = pub;
1355 testDev->dhGen.pubSz = pubSz;
1356 return WC_PENDING_E;
1357 }
1358#endif
1359
1360 /* otherwise use software DH */
1361 ret = wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);
1362
1363 return ret;
1364}
1365#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_DH */
1366
1367
1368/* Check DH Public Key for invalid numbers, optionally allowing
1369 * the public key to be checked against the large prime (q).
1370 * Check per process in SP 800-56Ar3, section 5.6.2.3.1.
1371 *
1372 * key DH key group parameters.
1373 * pub Public Key.
1374 * pubSz Public Key size.
1375 * prime Large prime (q), optionally NULL to skip check
1376 * primeSz Size of large prime
1377 *
1378 * returns 0 on success or error code
1379 */
1380int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz,
1381 const byte* prime, word32 primeSz)
1382{
1383 int ret = 0;
1384#ifdef WOLFSSL_SMALL_STACK
1385 mp_int* y = NULL;
1386 mp_int* p = NULL;
1387 mp_int* q = NULL;
1388#else
1389 mp_int y[1];
1390 mp_int p[1];
1391 mp_int q[1];
1392#endif
1393
1394 if (key == NULL || pub == NULL) {
1395 return BAD_FUNC_ARG;
1396 }
1397
1398#ifdef WOLFSSL_SMALL_STACK
1399 y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1400 if (y == NULL)
1401 return MEMORY_E;
1402 p = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1403 if (p == NULL) {
1404 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1405 return MEMORY_E;
1406 }
1407 q = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1408 if (q == NULL) {
1409 XFREE(p, key->heap, DYNAMIC_TYPE_DH);
1410 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1411 return MEMORY_E;
1412 }
1413#endif
1414
1415 if (mp_init_multi(y, p, q, NULL, NULL, NULL) != MP_OKAY) {
1416 #ifdef WOLFSSL_SMALL_STACK
1417 XFREE(q, key->heap, DYNAMIC_TYPE_DH);
1418 XFREE(p, key->heap, DYNAMIC_TYPE_DH);
1419 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1420 #endif
1421 return MP_INIT_E;
1422 }
1423
1424 if (mp_read_unsigned_bin(y, pub, pubSz) != MP_OKAY) {
1425 ret = MP_READ_E;
1426 }
1427
1428 if (ret == 0 && prime != NULL) {
1429 if (mp_read_unsigned_bin(q, prime, primeSz) != MP_OKAY)
1430 ret = MP_READ_E;
1431
1432 } else if (mp_iszero(&key->q) == MP_NO) {
1433 /* use q available in DhKey */
1434 if (mp_copy(&key->q, q) != MP_OKAY)
1435 ret = MP_INIT_E;
1436 }
1437
1438 /* SP 800-56Ar3, section 5.6.2.3.1, process step 1 */
1439 /* pub (y) should not be 0 or 1 */
1440 if (ret == 0 && mp_cmp_d(y, 2) == MP_LT) {
1441 ret = MP_CMP_E;
1442 }
1443
1444 /* pub (y) shouldn't be greater than or equal to p - 1 */
1445 if (ret == 0 && mp_copy(&key->p, p) != MP_OKAY) {
1446 ret = MP_INIT_E;
1447 }
1448 if (ret == 0 && mp_sub_d(p, 2, p) != MP_OKAY) {
1449 ret = MP_SUB_E;
1450 }
1451 if (ret == 0 && mp_cmp(y, p) == MP_GT) {
1452 ret = MP_CMP_E;
1453 }
1454
1455 if (ret == 0 && (prime != NULL || (mp_iszero(&key->q) == MP_NO) )) {
1456
1457 /* restore key->p into p */
1458 if (mp_copy(&key->p, p) != MP_OKAY)
1459 ret = MP_INIT_E;
1460 }
1461
1462 if (ret == 0 && prime != NULL) {
1463#ifdef WOLFSSL_HAVE_SP_DH
1464#ifndef WOLFSSL_SP_NO_2048
1465 if (mp_count_bits(&key->p) == 2048) {
1466 ret = sp_ModExp_2048(y, q, p, y);
1467 if (ret != 0)
1468 ret = MP_EXPTMOD_E;
1469 }
1470 else
1471#endif
1472#ifndef WOLFSSL_SP_NO_3072
1473 if (mp_count_bits(&key->p) == 3072) {
1474 ret = sp_ModExp_3072(y, q, p, y);
1475 if (ret != 0)
1476 ret = MP_EXPTMOD_E;
1477 }
1478 else
1479#endif
1480#endif
1481
1482 {
1483 /* SP 800-56Ar3, section 5.6.2.3.1, process step 2 */
1484#ifndef WOLFSSL_SP_MATH
1485 /* calculate (y^q) mod(p), store back into y */
1486 if (ret == 0 && mp_exptmod(y, q, p, y) != MP_OKAY)
1487 ret = MP_EXPTMOD_E;
1488#else
1489 ret = WC_KEY_SIZE_E;
1490#endif
1491 }
1492
1493 /* verify above == 1 */
1494 if (ret == 0 && mp_cmp_d(y, 1) != MP_EQ)
1495 ret = MP_CMP_E;
1496 }
1497
1498 mp_clear(y);
1499 mp_clear(p);
1500 mp_clear(q);
1501#ifdef WOLFSSL_SMALL_STACK
1502 XFREE(q, key->heap, DYNAMIC_TYPE_DH);
1503 XFREE(p, key->heap, DYNAMIC_TYPE_DH);
1504 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1505#endif
1506
1507 return ret;
1508}
1509
1510
1511/* Check DH Public Key for invalid numbers
1512 *
1513 * key DH key group parameters.
1514 * pub Public Key.
1515 * pubSz Public Key size.
1516 *
1517 * returns 0 on success or error code
1518 */
1519int wc_DhCheckPubKey(DhKey* key, const byte* pub, word32 pubSz)
1520{
1521 return wc_DhCheckPubKey_ex(key, pub, pubSz, NULL, 0);
1522}
1523
1524
1525/* Check DH Private Key for invalid numbers, optionally allowing
1526 * the private key to be checked against the large prime (q).
1527 * Check per process in SP 800-56Ar3, section 5.6.2.1.2.
1528 *
1529 * key DH key group parameters.
1530 * priv Private Key.
1531 * privSz Private Key size.
1532 * prime Large prime (q), optionally NULL to skip check
1533 * primeSz Size of large prime
1534 *
1535 * returns 0 on success or error code
1536 */
1537int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 privSz,
1538 const byte* prime, word32 primeSz)
1539{
1540 int ret = 0;
1541#ifdef WOLFSSL_SMALL_STACK
1542 mp_int* x = NULL;
1543 mp_int* q = NULL;
1544#else
1545 mp_int x[1];
1546 mp_int q[1];
1547#endif
1548
1549 if (key == NULL || priv == NULL) {
1550 return BAD_FUNC_ARG;
1551 }
1552
1553#ifdef WOLFSSL_SMALL_STACK
1554 x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1555 if (x == NULL)
1556 return MEMORY_E;
1557 q = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1558 if (q == NULL) {
1559 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1560 return MEMORY_E;
1561 }
1562#endif
1563
1564 if (mp_init_multi(x, q, NULL, NULL, NULL, NULL) != MP_OKAY) {
1565 #ifdef WOLFSSL_SMALL_STACK
1566 XFREE(q, key->heap, DYNAMIC_TYPE_DH);
1567 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1568 #endif
1569 return MP_INIT_E;
1570 }
1571
1572 if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY) {
1573 ret = MP_READ_E;
1574 }
1575
1576 if (ret == 0) {
1577 if (prime != NULL) {
1578 if (mp_read_unsigned_bin(q, prime, primeSz) != MP_OKAY)
1579 ret = MP_READ_E;
1580 }
1581 else if (mp_iszero(&key->q) == MP_NO) {
1582 /* use q available in DhKey */
1583 if (mp_copy(&key->q, q) != MP_OKAY)
1584 ret = MP_INIT_E;
1585 }
1586 }
1587
1588 /* priv (x) should not be 0 */
1589 if (ret == 0) {
1590 if (mp_cmp_d(x, 0) == MP_EQ)
1591 ret = MP_CMP_E;
1592 }
1593
1594 if (ret == 0) {
1595 if (mp_iszero(q) == MP_NO) {
1596 /* priv (x) shouldn't be greater than q - 1 */
1597 if (ret == 0) {
1598 if (mp_copy(&key->q, q) != MP_OKAY)
1599 ret = MP_INIT_E;
1600 }
1601 if (ret == 0) {
1602 if (mp_sub_d(q, 1, q) != MP_OKAY)
1603 ret = MP_SUB_E;
1604 }
1605 if (ret == 0) {
1606 if (mp_cmp(x, q) == MP_GT)
1607 ret = DH_CHECK_PRIV_E;
1608 }
1609 }
1610 }
1611
1612 mp_clear(x);
1613 mp_clear(q);
1614#ifdef WOLFSSL_SMALL_STACK
1615 XFREE(q, key->heap, DYNAMIC_TYPE_DH);
1616 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1617#endif
1618
1619 return ret;
1620}
1621
1622
1623/* Check DH Private Key for invalid numbers
1624 *
1625 * key DH key group parameters.
1626 * priv Private Key.
1627 * privSz Private Key size.
1628 *
1629 * returns 0 on success or error code
1630 */
1631int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 privSz)
1632{
1633 return wc_DhCheckPrivKey_ex(key, priv, privSz, NULL, 0);
1634}
1635
1636
1637/* Check DH Keys for pair-wise consistency per process in
1638 * SP 800-56Ar3, section 5.6.2.1.4, method (b) for FFC.
1639 *
1640 * key DH key group parameters.
1641 * pub Public Key.
1642 * pubSz Public Key size.
1643 * priv Private Key.
1644 * privSz Private Key size.
1645 *
1646 * returns 0 on success or error code
1647 */
1648int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz,
1649 const byte* priv, word32 privSz)
1650{
1651#ifdef WOLFSSL_SMALL_STACK
1652 mp_int* publicKey = NULL;
1653 mp_int* privateKey = NULL;
1654 mp_int* checkKey = NULL;
1655#else
1656 mp_int publicKey[1];
1657 mp_int privateKey[1];
1658 mp_int checkKey[1];
1659#endif
1660 int ret = 0;
1661
1662 if (key == NULL || pub == NULL || priv == NULL)
1663 return BAD_FUNC_ARG;
1664
1665#ifdef WOLFSSL_SMALL_STACK
1666 publicKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1667 if (publicKey == NULL)
1668 return MEMORY_E;
1669 privateKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1670 if (privateKey == NULL) {
1671 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
1672 return MEMORY_E;
1673 }
1674 checkKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1675 if (checkKey == NULL) {
1676 XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH);
1677 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
1678 return MEMORY_E;
1679 }
1680#endif
1681
1682 if (mp_init_multi(publicKey, privateKey, checkKey,
1683 NULL, NULL, NULL) != MP_OKAY) {
1684
1685 #ifdef WOLFSSL_SMALL_STACK
1686 XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH);
1687 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
1688 XFREE(checkKey, key->heap, DYNAMIC_TYPE_DH);
1689 #endif
1690 return MP_INIT_E;
1691 }
1692
1693 /* Load the private and public keys into big integers. */
1694 if (mp_read_unsigned_bin(publicKey, pub, pubSz) != MP_OKAY ||
1695 mp_read_unsigned_bin(privateKey, priv, privSz) != MP_OKAY) {
1696
1697 ret = MP_READ_E;
1698 }
1699
1700 /* Calculate checkKey = g^privateKey mod p */
1701 if (ret == 0) {
1702#ifdef WOLFSSL_HAVE_SP_DH
1703#ifndef WOLFSSL_SP_NO_2048
1704 if (mp_count_bits(&key->p) == 2048) {
1705 ret = sp_ModExp_2048(&key->g, privateKey, &key->p, checkKey);
1706 if (ret != 0)
1707 ret = MP_EXPTMOD_E;
1708 }
1709 else
1710#endif
1711#ifndef WOLFSSL_SP_NO_3072
1712 if (mp_count_bits(&key->p) == 3072) {
1713 ret = sp_ModExp_3072(&key->g, privateKey, &key->p, checkKey);
1714 if (ret != 0)
1715 ret = MP_EXPTMOD_E;
1716 }
1717 else
1718#endif
1719#endif
1720 {
1721#ifndef WOLFSSL_SP_MATH
1722 if (mp_exptmod(&key->g, privateKey, &key->p, checkKey) != MP_OKAY)
1723 ret = MP_EXPTMOD_E;
1724#else
1725 ret = WC_KEY_SIZE_E;
1726#endif
1727 }
1728 }
1729
1730 /* Compare the calculated public key to the supplied check value. */
1731 if (ret == 0) {
1732 if (mp_cmp(checkKey, publicKey) != MP_EQ)
1733 ret = MP_CMP_E;
1734 }
1735
1736 mp_forcezero(privateKey);
1737 mp_clear(privateKey);
1738 mp_clear(publicKey);
1739 mp_clear(checkKey);
1740#ifdef WOLFSSL_SMALL_STACK
1741 XFREE(checkKey, key->heap, DYNAMIC_TYPE_DH);
1742 XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH);
1743 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
1744#endif
1745
1746 return ret;
1747}
1748
1749
1750int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng,
1751 byte* priv, word32* privSz, byte* pub, word32* pubSz)
1752{
1753 int ret;
1754
1755 if (key == NULL || rng == NULL || priv == NULL || privSz == NULL ||
1756 pub == NULL || pubSz == NULL) {
1757 return BAD_FUNC_ARG;
1758 }
1759
1760#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
1761 if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_DH) {
1762 ret = wc_DhGenerateKeyPair_Async(key, rng, priv, privSz, pub, pubSz);
1763 }
1764 else
1765#endif
1766 {
1767 ret = wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);
1768 }
1769
1770 return ret;
1771}
1772
1773
1774static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
1775 const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz)
1776{
1777 int ret = 0;
1778#ifdef WOLFSSL_SMALL_STACK
1779 mp_int* y = NULL;
1780#ifndef WOLFSSL_SP_MATH
1781 mp_int* x = NULL;
1782 mp_int* z = NULL;
1783#endif
1784#else
1785 mp_int y[1];
1786#ifndef WOLFSSL_SP_MATH
1787 mp_int x[1];
1788 mp_int z[1];
1789#endif
1790#endif
1791
1792#ifdef WOLFSSL_VALIDATE_FFC_IMPORT
1793 if (wc_DhCheckPrivKey(key, priv, privSz) != 0) {
1794 WOLFSSL_MSG("wc_DhAgree wc_DhCheckPrivKey failed");
1795 return DH_CHECK_PRIV_E;
1796 }
1797
1798 if (wc_DhCheckPubKey(key, otherPub, pubSz) != 0) {
1799 WOLFSSL_MSG("wc_DhAgree wc_DhCheckPubKey failed");
1800 return DH_CHECK_PUB_E;
1801 }
1802#endif
1803
1804#ifdef WOLFSSL_SMALL_STACK
1805 y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1806 if (y == NULL)
1807 return MEMORY_E;
1808#ifndef WOLFSSL_SP_MATH
1809 x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1810 if (x == NULL) {
1811 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1812 return MEMORY_E;
1813 }
1814 z = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1815 if (z == NULL) {
1816 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1817 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1818 return MEMORY_E;
1819 }
1820#endif
1821#endif
1822
1823#ifdef WOLFSSL_HAVE_SP_DH
1824#ifndef WOLFSSL_SP_NO_2048
1825 if (mp_count_bits(&key->p) == 2048) {
1826 if (mp_init(y) != MP_OKAY)
1827 return MP_INIT_E;
1828
1829 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
1830 ret = MP_READ_E;
1831
1832 if (ret == 0)
1833 ret = sp_DhExp_2048(y, priv, privSz, &key->p, agree, agreeSz);
1834
1835 mp_clear(y);
1836 #ifdef WOLFSSL_SMALL_STACK
1837 #ifndef WOLFSSL_SP_MATH
1838 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
1839 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1840 #endif
1841 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1842 #endif
1843 return ret;
1844 }
1845#endif
1846#ifndef WOLFSSL_SP_NO_3072
1847 if (mp_count_bits(&key->p) == 3072) {
1848 if (mp_init(y) != MP_OKAY)
1849 return MP_INIT_E;
1850
1851 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
1852 ret = MP_READ_E;
1853
1854 if (ret == 0)
1855 ret = sp_DhExp_3072(y, priv, privSz, &key->p, agree, agreeSz);
1856
1857 mp_clear(y);
1858 #ifdef WOLFSSL_SMALL_STACK
1859 #ifndef WOLFSSL_SP_MATH
1860 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
1861 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1862 #endif
1863 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1864 #endif
1865 return ret;
1866 }
1867#endif
1868#endif
1869
1870#ifndef WOLFSSL_SP_MATH
1871 if (mp_init_multi(x, y, z, 0, 0, 0) != MP_OKAY) {
1872 #ifdef WOLFSSL_SMALL_STACK
1873 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
1874 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1875 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1876 #endif
1877 return MP_INIT_E;
1878 }
1879
1880 if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY)
1881 ret = MP_READ_E;
1882
1883 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
1884 ret = MP_READ_E;
1885
1886 if (ret == 0 && mp_exptmod(y, x, &key->p, z) != MP_OKAY)
1887 ret = MP_EXPTMOD_E;
1888
1889 /* make sure z is not one (SP800-56A, 5.7.1.1) */
1890 if (ret == 0 && (mp_cmp_d(z, 1) == MP_EQ))
1891 ret = MP_VAL;
1892
1893 if (ret == 0 && mp_to_unsigned_bin(z, agree) != MP_OKAY)
1894 ret = MP_TO_E;
1895
1896 if (ret == 0)
1897 *agreeSz = mp_unsigned_bin_size(z);
1898
1899 mp_clear(z);
1900 mp_clear(y);
1901 mp_forcezero(x);
1902#endif
1903
1904#ifdef WOLFSSL_SMALL_STACK
1905#ifndef WOLFSSL_SP_MATH
1906 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
1907 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1908#endif
1909 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1910#endif
1911
1912 return ret;
1913}
1914
1915#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
1916static int wc_DhAgree_Async(DhKey* key, byte* agree, word32* agreeSz,
1917 const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz)
1918{
1919 int ret;
1920
1921#ifdef HAVE_CAVIUM
1922 /* TODO: Not implemented - use software for now */
1923 ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
1924
1925#elif defined(HAVE_INTEL_QA)
1926 ret = wc_mp_to_bigint(&key->p, &key->p.raw);
1927 if (ret == MP_OKAY)
1928 ret = IntelQaDhAgree(&key->asyncDev, &key->p.raw,
1929 agree, agreeSz, priv, privSz, otherPub, pubSz);
1930#else /* WOLFSSL_ASYNC_CRYPT_TEST */
1931 if (wc_AsyncTestInit(&key->asyncDev, ASYNC_TEST_DH_AGREE)) {
1932 WC_ASYNC_TEST* testDev = &key->asyncDev.test;
1933 testDev->dhAgree.key = key;
1934 testDev->dhAgree.agree = agree;
1935 testDev->dhAgree.agreeSz = agreeSz;
1936 testDev->dhAgree.priv = priv;
1937 testDev->dhAgree.privSz = privSz;
1938 testDev->dhAgree.otherPub = otherPub;
1939 testDev->dhAgree.pubSz = pubSz;
1940 return WC_PENDING_E;
1941 }
1942 ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
1943#endif
1944
1945 return ret;
1946}
1947#endif /* WOLFSSL_ASYNC_CRYPT */
1948
1949int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
1950 word32 privSz, const byte* otherPub, word32 pubSz)
1951{
1952 int ret = 0;
1953
1954 if (key == NULL || agree == NULL || agreeSz == NULL || priv == NULL ||
1955 otherPub == NULL) {
1956 return BAD_FUNC_ARG;
1957 }
1958
1959#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
1960 if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_DH) {
1961 ret = wc_DhAgree_Async(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
1962 }
1963 else
1964#endif
1965 {
1966 ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
1967 }
1968
1969 return ret;
1970}
1971
1972
1973static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
1974 word32 gSz, const byte* q, word32 qSz, int trusted,
1975 WC_RNG* rng)
1976{
1977 int ret = 0;
1978 mp_int* keyP = NULL;
1979 mp_int* keyG = NULL;
1980 mp_int* keyQ = NULL;
1981
1982 if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0) {
1983 ret = BAD_FUNC_ARG;
1984 }
1985
1986 if (ret == 0) {
1987 /* may have leading 0 */
1988 if (p[0] == 0) {
1989 pSz--; p++;
1990 }
1991
1992 if (g[0] == 0) {
1993 gSz--; g++;
1994 }
1995
1996 if (q != NULL) {
1997 if (q[0] == 0) {
1998 qSz--; q++;
1999 }
2000 }
2001
2002 if (mp_init(&key->p) != MP_OKAY)
2003 ret = MP_INIT_E;
2004 }
2005
2006 if (ret == 0) {
2007 if (mp_read_unsigned_bin(&key->p, p, pSz) != MP_OKAY)
2008 ret = ASN_DH_KEY_E;
2009 else
2010 keyP = &key->p;
2011 }
2012
2013#ifndef WOLFSSL_SP_MATH
2014 if (ret == 0 && !trusted) {
2015 int isPrime = 0;
2016 if (rng != NULL)
2017 ret = mp_prime_is_prime_ex(keyP, 8, &isPrime, rng);
2018 else
2019 ret = mp_prime_is_prime(keyP, 8, &isPrime);
2020
2021 if (ret == 0 && isPrime == 0)
2022 ret = DH_CHECK_PUB_E;
2023 }
2024#else
2025 (void)trusted;
2026 (void)rng;
2027#endif
2028
2029 if (ret == 0 && mp_init(&key->g) != MP_OKAY)
2030 ret = MP_INIT_E;
2031 if (ret == 0) {
2032 if (mp_read_unsigned_bin(&key->g, g, gSz) != MP_OKAY)
2033 ret = ASN_DH_KEY_E;
2034 else
2035 keyG = &key->g;
2036 }
2037
2038 if (ret == 0 && q != NULL) {
2039 if (mp_init(&key->q) != MP_OKAY)
2040 ret = MP_INIT_E;
2041 }
2042 if (ret == 0 && q != NULL) {
2043 if (mp_read_unsigned_bin(&key->q, q, qSz) != MP_OKAY)
2044 ret = MP_INIT_E;
2045 else
2046 keyQ = &key->q;
2047}
2048
2049 if (ret != 0 && key != NULL) {
2050 if (keyQ)
2051 mp_clear(keyQ);
2052 if (keyG)
2053 mp_clear(keyG);
2054 if (keyP)
2055 mp_clear(keyP);
2056 }
2057
2058 return ret;
2059}
2060
2061
2062int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
2063 word32 gSz, const byte* q, word32 qSz, int trusted,
2064 WC_RNG* rng)
2065{
2066 return _DhSetKey(key, p, pSz, g, gSz, q, qSz, trusted, rng);
2067}
2068
2069
2070int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, const byte* g,
2071 word32 gSz, const byte* q, word32 qSz)
2072{
2073 return _DhSetKey(key, p, pSz, g, gSz, q, qSz, 1, NULL);
2074}
2075
2076
2077/* not in asn anymore since no actual asn types used */
2078int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
2079 word32 gSz)
2080{
2081 return _DhSetKey(key, p, pSz, g, gSz, NULL, 0, 1, NULL);
2082}
2083
2084
2085#ifdef WOLFSSL_KEY_GEN
2086
2087/* modulus_size in bits */
2088int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
2089{
2090 mp_int tmp, tmp2;
2091 int groupSz = 0, bufSz = 0,
2092 primeCheckCount = 0,
2093 primeCheck = MP_NO,
2094 ret = 0;
2095 unsigned char *buf = NULL;
2096
2097 if (rng == NULL || dh == NULL)
2098 ret = BAD_FUNC_ARG;
2099
2100 /* set group size in bytes from modulus size
2101 * FIPS 186-4 defines valid values (1024, 160) (2048, 256) (3072, 256)
2102 */
2103 if (ret == 0) {
2104 switch (modSz) {
2105 case 1024:
2106 groupSz = 20;
2107 break;
2108 case 2048:
2109 case 3072:
2110 groupSz = 32;
2111 break;
2112 default:
2113 ret = BAD_FUNC_ARG;
2114 break;
2115 }
2116 }
2117
2118 if (ret == 0) {
2119 /* modulus size in bytes */
2120 modSz /= WOLFSSL_BIT_SIZE;
2121 bufSz = modSz - groupSz;
2122
2123 /* allocate ram */
2124 buf = (unsigned char *)XMALLOC(bufSz,
2125 dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
2126 if (buf == NULL)
2127 ret = MEMORY_E;
2128 }
2129
2130 /* make a random string that will be multplied against q */
2131 if (ret == 0)
2132 ret = wc_RNG_GenerateBlock(rng, buf, bufSz);
2133
2134 if (ret == 0) {
2135 /* force magnitude */
2136 buf[0] |= 0xC0;
2137 /* force even */
2138 buf[bufSz - 1] &= ~1;
2139
2140 if (mp_init_multi(&tmp, &tmp2, &dh->p, &dh->q, &dh->g, 0)
2141 != MP_OKAY) {
2142 ret = MP_INIT_E;
2143 }
2144 }
2145
2146 if (ret == 0) {
2147 if (mp_read_unsigned_bin(&tmp2, buf, bufSz) != MP_OKAY)
2148 ret = MP_READ_E;
2149 }
2150
2151 /* make our prime q */
2152 if (ret == 0) {
2153 if (mp_rand_prime(&dh->q, groupSz, rng, NULL) != MP_OKAY)
2154 ret = PRIME_GEN_E;
2155 }
2156
2157 /* p = random * q */
2158 if (ret == 0) {
2159 if (mp_mul(&dh->q, &tmp2, &dh->p) != MP_OKAY)
2160 ret = MP_MUL_E;
2161 }
2162
2163 /* p = random * q + 1, so q is a prime divisor of p-1 */
2164 if (ret == 0) {
2165 if (mp_add_d(&dh->p, 1, &dh->p) != MP_OKAY)
2166 ret = MP_ADD_E;
2167 }
2168
2169 /* tmp = 2q */
2170 if (ret == 0) {
2171 if (mp_add(&dh->q, &dh->q, &tmp) != MP_OKAY)
2172 ret = MP_ADD_E;
2173 }
2174
2175 /* loop until p is prime */
2176 if (ret == 0) {
2177 do {
2178 if (mp_prime_is_prime_ex(&dh->p, 8, &primeCheck, rng) != MP_OKAY)
2179 ret = PRIME_GEN_E;
2180
2181 if (primeCheck != MP_YES) {
2182 /* p += 2q */
2183 if (mp_add(&tmp, &dh->p, &dh->p) != MP_OKAY)
2184 ret = MP_ADD_E;
2185 else
2186 primeCheckCount++;
2187 }
2188 } while (ret == 0 && primeCheck == MP_NO);
2189 }
2190
2191 /* tmp2 += (2*loop_check_prime)
2192 * to have p = (q * tmp2) + 1 prime
2193 */
2194 if (primeCheckCount) {
2195 if (mp_add_d(&tmp2, 2 * primeCheckCount, &tmp2) != MP_OKAY)
2196 ret = MP_ADD_E;
2197 }
2198
2199 /* find a value g for which g^tmp2 != 1 */
2200 if (mp_set(&dh->g, 1) != MP_OKAY)
2201 ret = MP_ZERO_E;
2202
2203 if (ret == 0) {
2204 do {
2205 if (mp_add_d(&dh->g, 1, &dh->g) != MP_OKAY)
2206 ret = MP_ADD_E;
2207 else if (mp_exptmod(&dh->g, &tmp2, &dh->p, &tmp) != MP_OKAY)
2208 ret = MP_EXPTMOD_E;
2209 } while (ret == 0 && mp_cmp_d(&tmp, 1) == MP_EQ);
2210 }
2211
2212 /* at this point tmp generates a group of order q mod p */
2213 mp_exch(&tmp, &dh->g);
2214
2215 /* clear the parameters if there was an error */
2216 if (ret != 0) {
2217 mp_clear(&dh->q);
2218 mp_clear(&dh->p);
2219 mp_clear(&dh->g);
2220 }
2221
2222 ForceZero(buf, bufSz);
2223 XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
2224 mp_clear(&tmp);
2225 mp_clear(&tmp2);
2226
2227 return ret;
2228}
2229
2230
2231/* Export raw DH parameters from DhKey structure
2232 *
2233 * dh - pointer to initialized DhKey structure
2234 * p - output location for DH (p) parameter
2235 * pSz - [IN/OUT] size of output buffer for p, size of p
2236 * q - output location for DH (q) parameter
2237 * qSz - [IN/OUT] size of output buffer for q, size of q
2238 * g - output location for DH (g) parameter
2239 * gSz - [IN/OUT] size of output buffer for g, size of g
2240 *
2241 * If p, q, and g pointers are all passed in as NULL, the function
2242 * will set pSz, qSz, and gSz to the required output buffer sizes for p,
2243 * q, and g. In this case, the function will return LENGTH_ONLY_E.
2244 *
2245 * returns 0 on success, negative upon failure
2246 */
2247int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz,
2248 byte* q, word32* qSz, byte* g, word32* gSz)
2249{
2250 int ret = 0;
2251 word32 pLen = 0, qLen = 0, gLen = 0;
2252
2253 if (dh == NULL || pSz == NULL || qSz == NULL || gSz == NULL)
2254 ret = BAD_FUNC_ARG;
2255
2256 /* get required output buffer sizes */
2257 if (ret == 0) {
2258 pLen = mp_unsigned_bin_size(&dh->p);
2259 qLen = mp_unsigned_bin_size(&dh->q);
2260 gLen = mp_unsigned_bin_size(&dh->g);
2261
2262 /* return buffer sizes and LENGTH_ONLY_E if buffers are NULL */
2263 if (p == NULL && q == NULL && g == NULL) {
2264 *pSz = pLen;
2265 *qSz = qLen;
2266 *gSz = gLen;
2267 ret = LENGTH_ONLY_E;
2268 }
2269 }
2270
2271 if (ret == 0) {
2272 if (p == NULL || q == NULL || g == NULL)
2273 ret = BAD_FUNC_ARG;
2274 }
2275
2276 /* export p */
2277 if (ret == 0) {
2278 if (*pSz < pLen) {
2279 WOLFSSL_MSG("Output buffer for DH p parameter too small, "
2280 "required size placed into pSz");
2281 *pSz = pLen;
2282 ret = BUFFER_E;
2283 }
2284 }
2285
2286 if (ret == 0) {
2287 *pSz = pLen;
2288 if (mp_to_unsigned_bin(&dh->p, p) != MP_OKAY)
2289 ret = MP_TO_E;
2290 }
2291
2292 /* export q */
2293 if (ret == 0) {
2294 if (*qSz < qLen) {
2295 WOLFSSL_MSG("Output buffer for DH q parameter too small, "
2296 "required size placed into qSz");
2297 *qSz = qLen;
2298 ret = BUFFER_E;
2299 }
2300 }
2301
2302 if (ret == 0) {
2303 *qSz = qLen;
2304 if (mp_to_unsigned_bin(&dh->q, q) != MP_OKAY)
2305 ret = MP_TO_E;
2306 }
2307
2308 /* export g */
2309 if (ret == 0) {
2310 if (*gSz < gLen) {
2311 WOLFSSL_MSG("Output buffer for DH g parameter too small, "
2312 "required size placed into gSz");
2313 *gSz = gLen;
2314 ret = BUFFER_E;
2315 }
2316 }
2317
2318 if (ret == 0) {
2319 *gSz = gLen;
2320 if (mp_to_unsigned_bin(&dh->g, g) != MP_OKAY)
2321 ret = MP_TO_E;
2322 }
2323
2324 return ret;
2325}
2326
2327#endif /* WOLFSSL_KEY_GEN */
2328
2329#endif /* NO_DH */
Note: See TracBrowser for help on using the repository browser.