source: azure_iot_hub_f767zi/trunk/wolfssl-4.4.0/wolfcrypt/src/dh.c@ 457

Last change on this file since 457 was 457, checked in by coas-nagasima, 4 years ago

ファイルを追加
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-csrc;charset=UTF-8
File size: 83.4 KB
Line 
1/* dh.c
2 *
3 * Copyright (C) 2006-2020 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22
23#ifdef HAVE_CONFIG_H
24 #include <config.h>
25#endif
26
27#include <wolfssl/wolfcrypt/settings.h>
28
29#ifndef NO_DH
30
31#if defined(HAVE_FIPS) && \
32 defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
33
34 /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
35 #define FIPS_NO_WRAPPERS
36
37 #ifdef USE_WINDOWS_API
38 #pragma code_seg(".fipsA$m")
39 #pragma const_seg(".fipsB$m")
40 #endif
41#endif
42
43#include <wolfssl/wolfcrypt/dh.h>
44#include <wolfssl/wolfcrypt/error-crypt.h>
45#include <wolfssl/wolfcrypt/logging.h>
46
47#ifdef WOLFSSL_HAVE_SP_DH
48#include <wolfssl/wolfcrypt/sp.h>
49#endif
50
51#ifdef NO_INLINE
52 #include <wolfssl/wolfcrypt/misc.h>
53#else
54 #define WOLFSSL_MISC_INCLUDED
55 #include <wolfcrypt/src/misc.c>
56#endif
57
58
59/*
60Possible DH enable options:
61 * NO_RSA: Overall control of DH default: on (not defined)
62 * WOLFSSL_OLD_PRIME_CHECK: Disables the new prime number check. It does not
63 directly effect this file, but it does speed up DH
64 removing the testing. It is not recommended to
65 disable the prime checking. default: off
66
67*/
68
69
70#if !defined(USER_MATH_LIB) && !defined(WOLFSSL_DH_CONST)
71 #include <math.h>
72 #define XPOW(x,y) pow((x),(y))
73 #define XLOG(x) log((x))
74#else
75 /* user's own math lib */
76#endif
77
78#ifdef HAVE_FFDHE_2048
79static const byte dh_ffdhe2048_p[] = {
80 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
81 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
82 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
83 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
84 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
85 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
86 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
87 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
88 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
89 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
90 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
91 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
92 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
93 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
94 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
95 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
96 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
97 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
98 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
99 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
100 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
101 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
102 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
103 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
104 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
105 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
106 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
107 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
108 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
109 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
110 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97,
111 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
112};
113static const byte dh_ffdhe2048_g[] = { 0x02 };
114#ifdef HAVE_FFDHE_Q
115static const byte dh_ffdhe2048_q[] = {
116 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
117 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
118 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
119 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
120 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
121 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
122 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
123 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
124 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
125 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
126 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
127 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
128 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
129 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
130 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
131 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
132 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
133 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
134 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
135 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
136 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
137 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
138 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
139 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
140 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
141 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
142 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
143 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
144 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
145 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
146 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x94, 0x2E, 0x4B,
147 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
148};
149#endif /* HAVE_FFDHE_Q */
150
151const DhParams* wc_Dh_ffdhe2048_Get(void)
152{
153 static const DhParams ffdhe2048 = {
154 #ifdef HAVE_FFDHE_Q
155 dh_ffdhe2048_q, sizeof(dh_ffdhe2048_q),
156 #endif /* HAVE_FFDHE_Q */
157 dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p),
158 dh_ffdhe2048_g, sizeof(dh_ffdhe2048_g)
159 };
160 return &ffdhe2048;
161}
162#endif
163
164#ifdef HAVE_FFDHE_3072
165static const byte dh_ffdhe3072_p[] = {
166 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
167 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
168 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
169 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
170 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
171 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
172 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
173 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
174 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
175 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
176 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
177 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
178 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
179 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
180 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
181 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
182 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
183 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
184 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
185 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
186 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
187 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
188 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
189 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
190 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
191 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
192 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
193 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
194 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
195 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
196 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
197 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
198 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
199 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
200 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
201 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
202 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
203 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
204 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
205 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
206 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
207 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
208 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
209 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
210 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
211 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
212 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37,
213 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
214};
215static const byte dh_ffdhe3072_g[] = { 0x02 };
216#ifdef HAVE_FFDHE_Q
217static const byte dh_ffdhe3072_q[] = {
218 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
219 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
220 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
221 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
222 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
223 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
224 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
225 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
226 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
227 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
228 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
229 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
230 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
231 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
232 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
233 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
234 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
235 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
236 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
237 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
238 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
239 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
240 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
241 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
242 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
243 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
244 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
245 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
246 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
247 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
248 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
249 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
250 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
251 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
252 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
253 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
254 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
255 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
256 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
257 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
258 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
259 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
260 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
261 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
262 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
263 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
264 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x63, 0x17, 0x1B,
265 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
266};
267#endif /* HAVE_FFDHE_Q */
268
269const DhParams* wc_Dh_ffdhe3072_Get(void)
270{
271 static const DhParams ffdhe3072 = {
272 #ifdef HAVE_FFDHE_Q
273 dh_ffdhe3072_q, sizeof(dh_ffdhe3072_q),
274 #endif /* HAVE_FFDHE_Q */
275 dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p),
276 dh_ffdhe3072_g, sizeof(dh_ffdhe3072_g)
277 };
278 return &ffdhe3072;
279}
280#endif
281
282#ifdef HAVE_FFDHE_4096
283static const byte dh_ffdhe4096_p[] = {
284 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
285 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
286 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
287 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
288 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
289 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
290 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
291 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
292 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
293 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
294 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
295 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
296 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
297 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
298 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
299 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
300 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
301 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
302 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
303 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
304 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
305 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
306 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
307 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
308 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
309 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
310 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
311 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
312 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
313 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
314 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
315 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
316 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
317 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
318 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
319 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
320 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
321 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
322 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
323 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
324 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
325 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
326 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
327 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
328 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
329 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
330 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
331 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
332 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
333 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
334 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
335 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
336 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
337 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
338 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
339 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
340 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
341 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
342 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
343 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
344 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
345 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
346 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A,
347 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
348};
349static const byte dh_ffdhe4096_g[] = { 0x02 };
350#ifdef HAVE_FFDHE_Q
351static const byte dh_ffdhe4096_q[] = {
352 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
353 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
354 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
355 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
356 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
357 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
358 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
359 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
360 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
361 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
362 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
363 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
364 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
365 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
366 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
367 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
368 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
369 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
370 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
371 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
372 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
373 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
374 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
375 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
376 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
377 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
378 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
379 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
380 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
381 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
382 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
383 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
384 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
385 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
386 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
387 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
388 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
389 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
390 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
391 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
392 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
393 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
394 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
395 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
396 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
397 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
398 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
399 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
400 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
401 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
402 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
403 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
404 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
405 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
406 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
407 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
408 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
409 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
410 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
411 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
412 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
413 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
414 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x32, 0xAF, 0xB5,
415 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
416};
417#endif /* HAVE_FFDHE_Q */
418
419const DhParams* wc_Dh_ffdhe4096_Get(void)
420{
421 static const DhParams ffdhe4096 = {
422 #ifdef HAVE_FFDHE_Q
423 dh_ffdhe4096_q, sizeof(dh_ffdhe4096_q),
424 #endif /* HAVE_FFDHE_Q */
425 dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p),
426 dh_ffdhe4096_g, sizeof(dh_ffdhe4096_g)
427 };
428 return &ffdhe4096;
429}
430#endif
431
432#ifdef HAVE_FFDHE_6144
433static const byte dh_ffdhe6144_p[] = {
434 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
435 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
436 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
437 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
438 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
439 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
440 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
441 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
442 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
443 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
444 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
445 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
446 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
447 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
448 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
449 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
450 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
451 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
452 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
453 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
454 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
455 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
456 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
457 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
458 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
459 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
460 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
461 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
462 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
463 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
464 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
465 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
466 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
467 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
468 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
469 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
470 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
471 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
472 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
473 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
474 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
475 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
476 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
477 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
478 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
479 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
480 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
481 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
482 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
483 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
484 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
485 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
486 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
487 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
488 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
489 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
490 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
491 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
492 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
493 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
494 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
495 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
496 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
497 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
498 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
499 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
500 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
501 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
502 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
503 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
504 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
505 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
506 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
507 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
508 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
509 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
510 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
511 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
512 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
513 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
514 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
515 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
516 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
517 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
518 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
519 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
520 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
521 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
522 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
523 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
524 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
525 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
526 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
527 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
528 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65,
529 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
530};
531static const byte dh_ffdhe6144_g[] = { 0x02 };
532#ifdef HAVE_FFDHE_Q
533static const byte dh_ffdhe6144_q[] = {
534 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
535 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
536 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
537 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
538 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
539 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
540 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
541 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
542 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
543 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
544 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
545 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
546 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
547 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
548 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
549 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
550 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
551 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
552 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
553 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
554 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
555 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
556 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
557 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
558 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
559 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
560 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
561 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
562 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
563 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
564 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
565 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
566 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
567 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
568 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
569 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
570 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
571 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
572 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
573 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
574 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
575 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
576 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
577 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
578 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
579 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
580 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
581 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
582 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
583 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
584 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
585 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
586 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
587 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
588 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
589 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
590 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
591 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
592 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
593 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
594 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
595 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
596 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81,
597 0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, 0x3D,
598 0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, 0x95, 0x1D,
599 0x11, 0xDD, 0x22, 0x21, 0x65, 0x7A, 0x9F, 0x53,
600 0x1D, 0xDA, 0x2A, 0x19, 0x4D, 0xBB, 0x12, 0x64,
601 0x48, 0xBD, 0xEE, 0xB2, 0x58, 0xE0, 0x7E, 0xA6,
602 0x59, 0xC7, 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D,
603 0x66, 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38,
604 0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, 0x0F,
605 0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, 0xDA, 0x3B,
606 0xD2, 0x92, 0x38, 0xFB, 0xD4, 0xD4, 0xB4, 0x88,
607 0x5C, 0x2A, 0x99, 0x17, 0x6D, 0xB1, 0xA0, 0x6C,
608 0x50, 0x07, 0x78, 0x49, 0x1A, 0x82, 0x88, 0xF1,
609 0x85, 0x5F, 0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37,
610 0x3F, 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1,
611 0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, 0xDA,
612 0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, 0x5D, 0xE0,
613 0xCA, 0x63, 0x32, 0x8F, 0x3B, 0xE5, 0x7C, 0xC9,
614 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0D, 0xFB,
615 0x59, 0xD3, 0x9C, 0xE0, 0x91, 0x30, 0x8B, 0x41,
616 0x05, 0x74, 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F,
617 0x7C, 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6,
618 0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, 0xAF,
619 0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, 0x54, 0x23,
620 0x28, 0x2E, 0xE4, 0x16, 0xDC, 0x2A, 0x19, 0xC5,
621 0x72, 0x4F, 0xA9, 0x1A, 0xE4, 0xAD, 0xC8, 0x8B,
622 0xC6, 0x67, 0x96, 0xEA, 0xE5, 0x67, 0x7A, 0x01,
623 0xF6, 0x4E, 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82,
624 0x2D, 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B,
625 0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, 0x34,
626 0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, 0xB0, 0xE0,
627 0xD2, 0x0E, 0xAB, 0x86, 0xBC, 0x9C, 0x6D, 0x6A,
628 0x52, 0x07, 0x19, 0x4E, 0x68, 0x72, 0x07, 0x32,
629 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
630};
631#endif /* HAVE_FFDHE_Q */
632
633const DhParams* wc_Dh_ffdhe6144_Get(void)
634{
635 static const DhParams ffdhe6144 = {
636 #ifdef HAVE_FFDHE_Q
637 dh_ffdhe6144_q, sizeof(dh_ffdhe6144_q),
638 #endif /* HAVE_FFDHE_Q */
639 dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p),
640 dh_ffdhe6144_g, sizeof(dh_ffdhe6144_g)
641 };
642 return &ffdhe6144;
643}
644#endif
645
646#ifdef HAVE_FFDHE_8192
647static const byte dh_ffdhe8192_p[] = {
648 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
649 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
650 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
651 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
652 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
653 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
654 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
655 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
656 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
657 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
658 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
659 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
660 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
661 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
662 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
663 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
664 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
665 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
666 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
667 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
668 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
669 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
670 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
671 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
672 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
673 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
674 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
675 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
676 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
677 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
678 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
679 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
680 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
681 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
682 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
683 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
684 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
685 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
686 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
687 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
688 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
689 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
690 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
691 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
692 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
693 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
694 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
695 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
696 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
697 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
698 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
699 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
700 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
701 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
702 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
703 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
704 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
705 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
706 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
707 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
708 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
709 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
710 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
711 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
712 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
713 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
714 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
715 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
716 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
717 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
718 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
719 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
720 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
721 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
722 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
723 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
724 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
725 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
726 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
727 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
728 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
729 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
730 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
731 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
732 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
733 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
734 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
735 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
736 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
737 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
738 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
739 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
740 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
741 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
742 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA,
743 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38,
744 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64,
745 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43,
746 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E,
747 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF,
748 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29,
749 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65,
750 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02,
751 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4,
752 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82,
753 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C,
754 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51,
755 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22,
756 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74,
757 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE,
758 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C,
759 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC,
760 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B,
761 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9,
762 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0,
763 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31,
764 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57,
765 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8,
766 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E,
767 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30,
768 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E,
769 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE,
770 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D,
771 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D,
772 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E,
773 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C,
774 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C,
775 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
776};
777static const byte dh_ffdhe8192_g[] = { 0x02 };
778#ifdef HAVE_FFDHE_Q
779static const byte dh_ffdhe8192_q[] = {
780 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
781 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, 0xA5, 0x4D,
782 0x57, 0xEE, 0x2B, 0x10, 0x13, 0x9E, 0x9E, 0x78,
783 0xEC, 0x5C, 0xE2, 0xC1, 0xE7, 0x16, 0x9B, 0x4A,
784 0xD4, 0xF0, 0x9B, 0x20, 0x8A, 0x32, 0x19, 0xFD,
785 0xE6, 0x49, 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C,
786 0xBE, 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC,
787 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, 0xBD,
788 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, 0xB2, 0xB0,
789 0x92, 0x19, 0xFA, 0x8F, 0xAF, 0x83, 0x37, 0x68,
790 0x42, 0xB1, 0xB2, 0xAA, 0x9E, 0xF6, 0x8D, 0x79,
791 0xDA, 0xAB, 0x89, 0xAF, 0x3F, 0xAB, 0xE4, 0x9A,
792 0xCC, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB,
793 0xF1, 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39,
794 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, 0x9A,
795 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, 0x3C, 0xBD,
796 0x5E, 0x05, 0x58, 0xC1, 0x59, 0x92, 0x7D, 0xB0,
797 0xE8, 0x84, 0x54, 0xA5, 0xD9, 0x64, 0x71, 0xFD,
798 0xDC, 0xB5, 0x6D, 0x5B, 0xB0, 0x6B, 0xFA, 0x34,
799 0x0E, 0xA7, 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA,
800 0x57, 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C,
801 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, 0xB8,
802 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, 0xF1, 0x76,
803 0x60, 0x1A, 0x02, 0x66, 0x94, 0x1A, 0x17, 0xB0,
804 0xC8, 0xB9, 0x7F, 0x4E, 0x74, 0xC2, 0xC1, 0xFF,
805 0xC7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xC1,
806 0xE1, 0xFF, 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9,
807 0x9D, 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02,
808 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, 0xD9,
809 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, 0x77, 0xFD,
810 0x44, 0x35, 0xA1, 0x1C, 0x30, 0x8F, 0xE7, 0xEE,
811 0x6F, 0x1A, 0xAD, 0x9D, 0xB2, 0x8C, 0x81, 0xAD,
812 0xDE, 0x1A, 0x7A, 0x6F, 0x7C, 0xCE, 0x01, 0x1C,
813 0x30, 0xDA, 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83,
814 0xBD, 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7,
815 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, 0x8E,
816 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, 0xC9, 0x38,
817 0x5A, 0x09, 0x86, 0x49, 0xDE, 0x21, 0xBC, 0xA2,
818 0x7A, 0x7E, 0xA2, 0x29, 0x71, 0x6B, 0xA6, 0xE9,
819 0xB2, 0x79, 0x71, 0x0F, 0x38, 0xFA, 0xA5, 0xFF,
820 0xAE, 0x57, 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F,
821 0x74, 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06,
822 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, 0x6D,
823 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, 0x24, 0x27,
824 0x05, 0x5E, 0x68, 0x35, 0xFD, 0x29, 0xEE, 0xF7,
825 0x9E, 0x0D, 0x90, 0x77, 0x1F, 0xEA, 0xCE, 0xBE,
826 0x12, 0xF2, 0x0E, 0x95, 0xB3, 0x4F, 0x0F, 0x78,
827 0xB7, 0x37, 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D,
828 0xBC, 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB,
829 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, 0x8C,
830 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, 0xA0, 0x02,
831 0x43, 0xFA, 0xAD, 0xD2, 0xBF, 0x18, 0xE6, 0x3D,
832 0x38, 0x9A, 0xE4, 0x43, 0x77, 0xDA, 0x18, 0xC5,
833 0x76, 0xB5, 0x0F, 0x00, 0x96, 0xCF, 0x34, 0x19,
834 0x54, 0x83, 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62,
835 0x36, 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C,
836 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, 0xBD,
837 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, 0x00, 0x1E,
838 0x15, 0x27, 0x67, 0x54, 0xFC, 0xC6, 0x85, 0x66,
839 0x05, 0x41, 0x48, 0xE6, 0xE7, 0x64, 0xBE, 0xE7,
840 0xC7, 0x64, 0xDA, 0xAD, 0x3F, 0xC4, 0x52, 0x35,
841 0xA6, 0xDA, 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70,
842 0xE3, 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81,
843 0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, 0x3D,
844 0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, 0x95, 0x1D,
845 0x11, 0xDD, 0x22, 0x21, 0x65, 0x7A, 0x9F, 0x53,
846 0x1D, 0xDA, 0x2A, 0x19, 0x4D, 0xBB, 0x12, 0x64,
847 0x48, 0xBD, 0xEE, 0xB2, 0x58, 0xE0, 0x7E, 0xA6,
848 0x59, 0xC7, 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D,
849 0x66, 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38,
850 0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, 0x0F,
851 0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, 0xDA, 0x3B,
852 0xD2, 0x92, 0x38, 0xFB, 0xD4, 0xD4, 0xB4, 0x88,
853 0x5C, 0x2A, 0x99, 0x17, 0x6D, 0xB1, 0xA0, 0x6C,
854 0x50, 0x07, 0x78, 0x49, 0x1A, 0x82, 0x88, 0xF1,
855 0x85, 0x5F, 0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37,
856 0x3F, 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1,
857 0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, 0xDA,
858 0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, 0x5D, 0xE0,
859 0xCA, 0x63, 0x32, 0x8F, 0x3B, 0xE5, 0x7C, 0xC9,
860 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0D, 0xFB,
861 0x59, 0xD3, 0x9C, 0xE0, 0x91, 0x30, 0x8B, 0x41,
862 0x05, 0x74, 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F,
863 0x7C, 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6,
864 0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, 0xAF,
865 0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, 0x54, 0x23,
866 0x28, 0x2E, 0xE4, 0x16, 0xDC, 0x2A, 0x19, 0xC5,
867 0x72, 0x4F, 0xA9, 0x1A, 0xE4, 0xAD, 0xC8, 0x8B,
868 0xC6, 0x67, 0x96, 0xEA, 0xE5, 0x67, 0x7A, 0x01,
869 0xF6, 0x4E, 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82,
870 0x2D, 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B,
871 0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, 0x34,
872 0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, 0xB0, 0xE0,
873 0xD2, 0x0E, 0xAB, 0x86, 0xBC, 0x9C, 0x6D, 0x6A,
874 0x52, 0x07, 0x19, 0x4E, 0x67, 0xFA, 0x35, 0x55,
875 0x1B, 0x56, 0x80, 0x26, 0x7B, 0x00, 0x64, 0x1C,
876 0x0F, 0x21, 0x2D, 0x18, 0xEC, 0xA8, 0xD7, 0x32,
877 0x7E, 0xD9, 0x1F, 0xE7, 0x64, 0xA8, 0x4E, 0xA1,
878 0xB4, 0x3F, 0xF5, 0xB4, 0xF6, 0xE8, 0xE6, 0x2F,
879 0x05, 0xC6, 0x61, 0xDE, 0xFB, 0x25, 0x88, 0x77,
880 0xC3, 0x5B, 0x18, 0xA1, 0x51, 0xD5, 0xC4, 0x14,
881 0xAA, 0xAD, 0x97, 0xBA, 0x3E, 0x49, 0x93, 0x32,
882 0xE5, 0x96, 0x07, 0x8E, 0x60, 0x0D, 0xEB, 0x81,
883 0x14, 0x9C, 0x44, 0x1C, 0xE9, 0x57, 0x82, 0xF2,
884 0x2A, 0x28, 0x25, 0x63, 0xC5, 0xBA, 0xC1, 0x41,
885 0x14, 0x23, 0x60, 0x5D, 0x1A, 0xE1, 0xAF, 0xAE,
886 0x2C, 0x8B, 0x06, 0x60, 0x23, 0x7E, 0xC1, 0x28,
887 0xAA, 0x0F, 0xE3, 0x46, 0x4E, 0x43, 0x58, 0x11,
888 0x5D, 0xB8, 0x4C, 0xC3, 0xB5, 0x23, 0x07, 0x3A,
889 0x28, 0xD4, 0x54, 0x98, 0x84, 0xB8, 0x1F, 0xF7,
890 0x0E, 0x10, 0xBF, 0x36, 0x1C, 0x13, 0x72, 0x96,
891 0x28, 0xD5, 0x34, 0x8F, 0x07, 0x21, 0x1E, 0x7E,
892 0x4C, 0xF4, 0xF1, 0x8B, 0x28, 0x60, 0x90, 0xBD,
893 0xB1, 0x24, 0x0B, 0x66, 0xD6, 0xCD, 0x4A, 0xFC,
894 0xEA, 0xDC, 0x00, 0xCA, 0x44, 0x6C, 0xE0, 0x50,
895 0x50, 0xFF, 0x18, 0x3A, 0xD2, 0xBB, 0xF1, 0x18,
896 0xC1, 0xFC, 0x0E, 0xA5, 0x1F, 0x97, 0xD2, 0x2B,
897 0x8F, 0x7E, 0x46, 0x70, 0x5D, 0x45, 0x27, 0xF4,
898 0x5B, 0x42, 0xAE, 0xFF, 0x39, 0x58, 0x53, 0x37,
899 0x6F, 0x69, 0x7D, 0xD5, 0xFD, 0xF2, 0xC5, 0x18,
900 0x7D, 0x7D, 0x5F, 0x0E, 0x2E, 0xB8, 0xD4, 0x3F,
901 0x17, 0xBA, 0x0F, 0x7C, 0x60, 0xFF, 0x43, 0x7F,
902 0x53, 0x5D, 0xFE, 0xF2, 0x98, 0x33, 0xBF, 0x86,
903 0xCB, 0xE8, 0x8E, 0xA4, 0xFB, 0xD4, 0x22, 0x1E,
904 0x84, 0x11, 0x72, 0x83, 0x54, 0xFA, 0x30, 0xA7,
905 0x00, 0x8F, 0x15, 0x4A, 0x41, 0xC7, 0xFC, 0x46,
906 0x6B, 0x46, 0x45, 0xDB, 0xE2, 0xE3, 0x21, 0x26,
907 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
908};
909#endif /* HAVE_FFDHE_Q */
910
911const DhParams* wc_Dh_ffdhe8192_Get(void)
912{
913 static const DhParams ffdhe8192 = {
914 #ifdef HAVE_FFDHE_Q
915 dh_ffdhe8192_q, sizeof(dh_ffdhe8192_q),
916 #endif /* HAVE_FFDHE_Q */
917 dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p),
918 dh_ffdhe8192_g, sizeof(dh_ffdhe8192_g)
919 };
920 return &ffdhe8192;
921}
922#endif
923
924int wc_InitDhKey_ex(DhKey* key, void* heap, int devId)
925{
926 int ret = 0;
927
928 if (key == NULL)
929 return BAD_FUNC_ARG;
930
931 key->heap = heap; /* for XMALLOC/XFREE in future */
932
933#if !defined(WOLFSSL_QT) && !defined(OPENSSL_ALL)
934 if (mp_init_multi(&key->p, &key->g, &key->q, NULL, NULL, NULL) != MP_OKAY)
935#else
936 if (mp_init_multi(&key->p,&key->g,&key->q,&key->pub,&key->priv,NULL) != MP_OKAY)
937#endif
938 return MEMORY_E;
939
940#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
941 /* handle as async */
942 ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_DH,
943 key->heap, devId);
944#else
945 (void)devId;
946#endif
947
948 return ret;
949}
950
951int wc_InitDhKey(DhKey* key)
952{
953 return wc_InitDhKey_ex(key, NULL, INVALID_DEVID);
954}
955
956
957int wc_FreeDhKey(DhKey* key)
958{
959 if (key) {
960 mp_clear(&key->p);
961 mp_clear(&key->g);
962 mp_clear(&key->q);
963
964 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
965 wolfAsync_DevCtxFree(&key->asyncDev, WOLFSSL_ASYNC_MARKER_DH);
966 #endif
967 }
968 return 0;
969}
970
971
972#ifndef WC_NO_RNG
973/* if defined to not use floating point values do not compile in */
974#ifndef WOLFSSL_DH_CONST
975 static word32 DiscreteLogWorkFactor(word32 n)
976 {
977 /* assuming discrete log takes about the same time as factoring */
978 if (n < 5)
979 return 0;
980 else
981 return (word32)(2.4 * XPOW((double)n, 1.0/3.0) *
982 XPOW(XLOG((double)n), 2.0/3.0) - 5);
983 }
984#endif /* WOLFSSL_DH_CONST*/
985
986
987/* if not using fixed points use DiscreteLogWorkFactor function for unusual size
988 otherwise round up on size needed */
989#ifndef WOLFSSL_DH_CONST
990 #define WOLFSSL_DH_ROUND(x)
991#else
992 #define WOLFSSL_DH_ROUND(x) \
993 do { \
994 if (x % 128) { \
995 x &= 0xffffff80;\
996 x += 128; \
997 } \
998 } \
999 while (0)
1000#endif
1001
1002
1003#ifndef WOLFSSL_NO_DH186
1004/* validate that (L,N) match allowed sizes from SP 800-56A, Section 5.5.1.1.
1005 * modLen - represents L, the size of p in bits
1006 * divLen - represents N, the size of q in bits
1007 * return 0 on success, -1 on error */
1008static int CheckDhLN(int modLen, int divLen)
1009{
1010 int ret = -1;
1011
1012 switch (modLen) {
1013 /* FA */
1014 case 1024:
1015 if (divLen == 160)
1016 ret = 0;
1017 break;
1018 /* FB, FC */
1019 case 2048:
1020 if (divLen == 224 || divLen == 256)
1021 ret = 0;
1022 break;
1023 default:
1024 break;
1025 }
1026
1027 return ret;
1028}
1029
1030
1031/* Create DH private key
1032 *
1033 * Based on NIST FIPS 186-4,
1034 * "B.1.1 Key Pair Generation Using Extra Random Bits"
1035 *
1036 * dh - pointer to initialized DhKey structure, needs to have dh->q
1037 * rng - pointer to initialized WC_RNG structure
1038 * priv - output location for generated private key
1039 * privSz - IN/OUT, size of priv buffer, size of generated private key
1040 *
1041 * return 0 on success, negative on error */
1042static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv,
1043 word32* privSz)
1044{
1045 byte* cBuf;
1046 int qSz, pSz, cSz, err;
1047#ifdef WOLFSSL_SMALL_STACK
1048 mp_int* tmpQ = NULL;
1049 mp_int* tmpX = NULL;
1050#else
1051 mp_int tmpQ[1], tmpX[1];
1052#endif
1053
1054 /* Parameters validated in calling functions. */
1055
1056 if (mp_iszero(&key->q) == MP_YES) {
1057 WOLFSSL_MSG("DH q parameter needed for FIPS 186-4 key generation");
1058 return BAD_FUNC_ARG;
1059 }
1060
1061 qSz = mp_unsigned_bin_size(&key->q);
1062 pSz = mp_unsigned_bin_size(&key->p);
1063
1064 /* verify (L,N) pair bit lengths */
1065 if (CheckDhLN(pSz * WOLFSSL_BIT_SIZE, qSz * WOLFSSL_BIT_SIZE) != 0) {
1066 WOLFSSL_MSG("DH param sizes do not match SP 800-56A requirements");
1067 return BAD_FUNC_ARG;
1068 }
1069
1070 /* generate extra 64 bits so that bias from mod function is negligible */
1071 cSz = qSz + (64 / WOLFSSL_BIT_SIZE);
1072 cBuf = (byte*)XMALLOC(cSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1073 if (cBuf == NULL) {
1074 return MEMORY_E;
1075 }
1076#ifdef WOLFSSL_SMALL_STACK
1077 tmpQ = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1078 if (tmpQ == NULL) {
1079 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1080 return MEMORY_E;
1081 }
1082 tmpX = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1083 if (tmpX == NULL) {
1084 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1085 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
1086 return MEMORY_E;
1087 }
1088#endif
1089
1090
1091 if ((err = mp_init_multi(tmpX, tmpQ, NULL, NULL, NULL, NULL))
1092 != MP_OKAY) {
1093 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1094#ifdef WOLFSSL_SMALL_STACK
1095 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
1096 XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH);
1097#endif
1098 return err;
1099 }
1100
1101 do {
1102 /* generate N+64 bits (c) from RBG into tmpX, making sure positive.
1103 * Hash_DRBG uses SHA-256 which matches maximum
1104 * requested_security_strength of (L,N) */
1105 err = wc_RNG_GenerateBlock(rng, cBuf, cSz);
1106 if (err == MP_OKAY)
1107 err = mp_read_unsigned_bin(tmpX, cBuf, cSz);
1108 if (err != MP_OKAY) {
1109 mp_clear(tmpX);
1110 mp_clear(tmpQ);
1111 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1112#ifdef WOLFSSL_SMALL_STACK
1113 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
1114 XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH);
1115#endif
1116 return err;
1117 }
1118 } while (mp_cmp_d(tmpX, 1) != MP_GT);
1119
1120 ForceZero(cBuf, cSz);
1121 XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
1122
1123 /* tmpQ = q - 1 */
1124 if (err == MP_OKAY)
1125 err = mp_copy(&key->q, tmpQ);
1126
1127 if (err == MP_OKAY)
1128 err = mp_sub_d(tmpQ, 1, tmpQ);
1129
1130 /* x = c mod (q-1), tmpX holds c */
1131 if (err == MP_OKAY)
1132 err = mp_mod(tmpX, tmpQ, tmpX);
1133
1134 /* x = c mod (q-1) + 1 */
1135 if (err == MP_OKAY)
1136 err = mp_add_d(tmpX, 1, tmpX);
1137
1138 /* copy tmpX into priv */
1139 if (err == MP_OKAY) {
1140 pSz = mp_unsigned_bin_size(tmpX);
1141 if (pSz > (int)*privSz) {
1142 WOLFSSL_MSG("DH private key output buffer too small");
1143 err = BAD_FUNC_ARG;
1144 } else {
1145 *privSz = pSz;
1146 err = mp_to_unsigned_bin(tmpX, priv);
1147 }
1148 }
1149
1150 mp_forcezero(tmpX);
1151 mp_clear(tmpX);
1152 mp_clear(tmpQ);
1153#ifdef WOLFSSL_SMALL_STACK
1154 XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);
1155 XFREE(tmpX, key->heap, DYNAMIC_TYPE_DH);
1156#endif
1157
1158 return err;
1159}
1160#endif /* WOLFSSL_NO_DH186 */
1161#endif /* !WC_NO_RNG */
1162
1163static int GeneratePrivateDh(DhKey* key, WC_RNG* rng, byte* priv,
1164 word32* privSz)
1165{
1166#ifndef WC_NO_RNG
1167 int ret = 0;
1168 word32 sz = 0;
1169
1170#ifndef WOLFSSL_NO_DH186
1171 if (mp_iszero(&key->q) == MP_NO) {
1172
1173 /* q param available, use NIST FIPS 186-4, "B.1.1 Key Pair
1174 * Generation Using Extra Random Bits" */
1175 ret = GeneratePrivateDh186(key, rng, priv, privSz);
1176
1177 } else
1178#endif
1179 {
1180
1181 sz = mp_unsigned_bin_size(&key->p);
1182
1183 /* Table of predetermined values from the operation
1184 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) /
1185 WOLFSSL_BIT_SIZE + 1
1186 Sizes in table checked against RFC 3526
1187 */
1188 WOLFSSL_DH_ROUND(sz); /* if using fixed points only, then round up */
1189 switch (sz) {
1190 case 128: sz = 21; break;
1191 case 256: sz = 29; break;
1192 case 384: sz = 34; break;
1193 case 512: sz = 39; break;
1194 case 640: sz = 42; break;
1195 case 768: sz = 46; break;
1196 case 896: sz = 49; break;
1197 case 1024: sz = 52; break;
1198 default:
1199 #ifndef WOLFSSL_DH_CONST
1200 /* if using floating points and size of p is not in table */
1201 sz = min(sz, 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) /
1202 WOLFSSL_BIT_SIZE + 1);
1203 break;
1204 #else
1205 return BAD_FUNC_ARG;
1206 #endif
1207 }
1208
1209 ret = wc_RNG_GenerateBlock(rng, priv, sz);
1210
1211 if (ret == 0) {
1212 priv[0] |= 0x0C;
1213 *privSz = sz;
1214 }
1215 }
1216
1217 return ret;
1218#else
1219 (void)key;
1220 (void)rng;
1221 (void)priv;
1222 (void)privSz;
1223 return NOT_COMPILED_IN;
1224#endif /* WC_NO_RNG */
1225}
1226
1227
1228static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
1229 byte* pub, word32* pubSz)
1230{
1231 int ret = 0;
1232#ifndef WOLFSSL_SP_MATH
1233#ifdef WOLFSSL_SMALL_STACK
1234 mp_int* x;
1235 mp_int* y;
1236#else
1237 mp_int x[1];
1238 mp_int y[1];
1239#endif
1240#endif
1241
1242#ifdef WOLFSSL_HAVE_SP_DH
1243#ifndef WOLFSSL_SP_NO_2048
1244 if (mp_count_bits(&key->p) == 2048)
1245 return sp_DhExp_2048(&key->g, priv, privSz, &key->p, pub, pubSz);
1246#endif
1247#ifndef WOLFSSL_SP_NO_3072
1248 if (mp_count_bits(&key->p) == 3072)
1249 return sp_DhExp_3072(&key->g, priv, privSz, &key->p, pub, pubSz);
1250#endif
1251#ifdef WOLFSSL_SP_4096
1252 if (mp_count_bits(&key->p) == 4096)
1253 return sp_DhExp_4096(&key->g, priv, privSz, &key->p, pub, pubSz);
1254#endif
1255#endif
1256
1257#ifndef WOLFSSL_SP_MATH
1258#ifdef WOLFSSL_SMALL_STACK
1259 x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1260 if (x == NULL)
1261 return MEMORY_E;
1262 y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1263 if (y == NULL) {
1264 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1265 return MEMORY_E;
1266 }
1267#endif
1268 if (mp_init_multi(x, y, 0, 0, 0, 0) != MP_OKAY) {
1269 #ifdef WOLFSSL_SMALL_STACK
1270 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1271 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1272 #endif
1273 return MP_INIT_E;
1274 }
1275
1276 if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY)
1277 ret = MP_READ_E;
1278
1279 if (ret == 0 && mp_exptmod(&key->g, x, &key->p, y) != MP_OKAY)
1280 ret = MP_EXPTMOD_E;
1281
1282 if (ret == 0 && mp_to_unsigned_bin(y, pub) != MP_OKAY)
1283 ret = MP_TO_E;
1284
1285 if (ret == 0)
1286 *pubSz = mp_unsigned_bin_size(y);
1287
1288 mp_clear(y);
1289 mp_clear(x);
1290#ifdef WOLFSSL_SMALL_STACK
1291 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1292 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1293#endif
1294#else
1295 ret = WC_KEY_SIZE_E;
1296#endif
1297
1298 return ret;
1299}
1300
1301static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
1302 byte* priv, word32* privSz, byte* pub, word32* pubSz)
1303{
1304 int ret;
1305
1306 if (key == NULL || rng == NULL || priv == NULL || privSz == NULL ||
1307 pub == NULL || pubSz == NULL) {
1308 return BAD_FUNC_ARG;
1309 }
1310
1311 ret = GeneratePrivateDh(key, rng, priv, privSz);
1312
1313 return (ret != 0) ? ret : GeneratePublicDh(key, priv, *privSz, pub, pubSz);
1314}
1315
1316#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
1317static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng,
1318 byte* priv, word32* privSz, byte* pub, word32* pubSz)
1319{
1320 int ret;
1321
1322#if defined(HAVE_INTEL_QA)
1323 word32 pBits;
1324
1325 /* QAT DH sizes: 768, 1024, 1536, 2048, 3072 and 4096 bits */
1326 pBits = mp_unsigned_bin_size(&key->p) * 8;
1327 if (pBits == 768 || pBits == 1024 || pBits == 1536 ||
1328 pBits == 2048 || pBits == 3072 || pBits == 4096) {
1329 mp_int x;
1330
1331 ret = mp_init(&x);
1332 if (ret != MP_OKAY)
1333 return ret;
1334
1335 ret = GeneratePrivateDh(key, rng, priv, privSz);
1336 if (ret == 0)
1337 ret = mp_read_unsigned_bin(&x, priv, *privSz);
1338 if (ret == MP_OKAY)
1339 ret = wc_mp_to_bigint(&x, &x.raw);
1340 if (ret == MP_OKAY)
1341 ret = wc_mp_to_bigint(&key->p, &key->p.raw);
1342 if (ret == MP_OKAY)
1343 ret = wc_mp_to_bigint(&key->g, &key->g.raw);
1344 if (ret == MP_OKAY)
1345 ret = IntelQaDhKeyGen(&key->asyncDev, &key->p.raw, &key->g.raw,
1346 &x.raw, pub, pubSz);
1347 mp_clear(&x);
1348
1349 return ret;
1350 }
1351
1352#elif defined(HAVE_CAVIUM)
1353 /* TODO: Not implemented - use software for now */
1354
1355#else /* WOLFSSL_ASYNC_CRYPT_TEST */
1356 if (wc_AsyncTestInit(&key->asyncDev, ASYNC_TEST_DH_GEN)) {
1357 WC_ASYNC_TEST* testDev = &key->asyncDev.test;
1358 testDev->dhGen.key = key;
1359 testDev->dhGen.rng = rng;
1360 testDev->dhGen.priv = priv;
1361 testDev->dhGen.privSz = privSz;
1362 testDev->dhGen.pub = pub;
1363 testDev->dhGen.pubSz = pubSz;
1364 return WC_PENDING_E;
1365 }
1366#endif
1367
1368 /* otherwise use software DH */
1369 ret = wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);
1370
1371 return ret;
1372}
1373#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_DH */
1374
1375
1376/* Check DH Public Key for invalid numbers, optionally allowing
1377 * the public key to be checked against the large prime (q).
1378 * Check per process in SP 800-56Ar3, section 5.6.2.3.1.
1379 *
1380 * key DH key group parameters.
1381 * pub Public Key.
1382 * pubSz Public Key size.
1383 * prime Large prime (q), optionally NULL to skip check
1384 * primeSz Size of large prime
1385 *
1386 * returns 0 on success or error code
1387 */
1388int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz,
1389 const byte* prime, word32 primeSz)
1390{
1391 int ret = 0;
1392#ifdef WOLFSSL_SMALL_STACK
1393 mp_int* y = NULL;
1394 mp_int* p = NULL;
1395 mp_int* q = NULL;
1396#else
1397 mp_int y[1];
1398 mp_int p[1];
1399 mp_int q[1];
1400#endif
1401
1402 if (key == NULL || pub == NULL) {
1403 return BAD_FUNC_ARG;
1404 }
1405
1406#ifdef WOLFSSL_SMALL_STACK
1407 y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1408 if (y == NULL)
1409 return MEMORY_E;
1410 p = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1411 if (p == NULL) {
1412 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1413 return MEMORY_E;
1414 }
1415 q = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1416 if (q == NULL) {
1417 XFREE(p, key->heap, DYNAMIC_TYPE_DH);
1418 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1419 return MEMORY_E;
1420 }
1421#endif
1422
1423 if (mp_init_multi(y, p, q, NULL, NULL, NULL) != MP_OKAY) {
1424 #ifdef WOLFSSL_SMALL_STACK
1425 XFREE(q, key->heap, DYNAMIC_TYPE_DH);
1426 XFREE(p, key->heap, DYNAMIC_TYPE_DH);
1427 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1428 #endif
1429 return MP_INIT_E;
1430 }
1431
1432 if (mp_read_unsigned_bin(y, pub, pubSz) != MP_OKAY) {
1433 ret = MP_READ_E;
1434 }
1435
1436 if (ret == 0 && prime != NULL) {
1437 if (mp_read_unsigned_bin(q, prime, primeSz) != MP_OKAY)
1438 ret = MP_READ_E;
1439
1440 } else if (mp_iszero(&key->q) == MP_NO) {
1441 /* use q available in DhKey */
1442 if (mp_copy(&key->q, q) != MP_OKAY)
1443 ret = MP_INIT_E;
1444 }
1445
1446 /* SP 800-56Ar3, section 5.6.2.3.1, process step 1 */
1447 /* pub (y) should not be 0 or 1 */
1448 if (ret == 0 && mp_cmp_d(y, 2) == MP_LT) {
1449 ret = MP_CMP_E;
1450 }
1451
1452 /* pub (y) shouldn't be greater than or equal to p - 1 */
1453 if (ret == 0 && mp_copy(&key->p, p) != MP_OKAY) {
1454 ret = MP_INIT_E;
1455 }
1456 if (ret == 0 && mp_sub_d(p, 2, p) != MP_OKAY) {
1457 ret = MP_SUB_E;
1458 }
1459 if (ret == 0 && mp_cmp(y, p) == MP_GT) {
1460 ret = MP_CMP_E;
1461 }
1462
1463 if (ret == 0 && (prime != NULL || (mp_iszero(&key->q) == MP_NO) )) {
1464
1465 /* restore key->p into p */
1466 if (mp_copy(&key->p, p) != MP_OKAY)
1467 ret = MP_INIT_E;
1468 }
1469
1470 if (ret == 0 && prime != NULL) {
1471#ifdef WOLFSSL_HAVE_SP_DH
1472#ifndef WOLFSSL_SP_NO_2048
1473 if (mp_count_bits(&key->p) == 2048) {
1474 ret = sp_ModExp_2048(y, q, p, y);
1475 if (ret != 0)
1476 ret = MP_EXPTMOD_E;
1477 }
1478 else
1479#endif
1480#ifndef WOLFSSL_SP_NO_3072
1481 if (mp_count_bits(&key->p) == 3072) {
1482 ret = sp_ModExp_3072(y, q, p, y);
1483 if (ret != 0)
1484 ret = MP_EXPTMOD_E;
1485 }
1486 else
1487#endif
1488#ifdef WOLFSSL_SP_NO_4096
1489 if (mp_count_bits(&key->p) == 4096) {
1490 ret = sp_ModExp_4096(y, q, p, y);
1491 if (ret != 0)
1492 ret = MP_EXPTMOD_E;
1493 }
1494 else
1495#endif
1496#endif
1497
1498 {
1499 /* SP 800-56Ar3, section 5.6.2.3.1, process step 2 */
1500#ifndef WOLFSSL_SP_MATH
1501 /* calculate (y^q) mod(p), store back into y */
1502 if (mp_exptmod(y, q, p, y) != MP_OKAY)
1503 ret = MP_EXPTMOD_E;
1504#else
1505 ret = WC_KEY_SIZE_E;
1506#endif
1507 }
1508
1509 /* verify above == 1 */
1510 if (ret == 0 && mp_cmp_d(y, 1) != MP_EQ)
1511 ret = MP_CMP_E;
1512 }
1513
1514 mp_clear(y);
1515 mp_clear(p);
1516 mp_clear(q);
1517#ifdef WOLFSSL_SMALL_STACK
1518 XFREE(q, key->heap, DYNAMIC_TYPE_DH);
1519 XFREE(p, key->heap, DYNAMIC_TYPE_DH);
1520 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1521#endif
1522
1523 return ret;
1524}
1525
1526
1527/* Check DH Public Key for invalid numbers
1528 *
1529 * key DH key group parameters.
1530 * pub Public Key.
1531 * pubSz Public Key size.
1532 *
1533 * returns 0 on success or error code
1534 */
1535int wc_DhCheckPubKey(DhKey* key, const byte* pub, word32 pubSz)
1536{
1537 return wc_DhCheckPubKey_ex(key, pub, pubSz, NULL, 0);
1538}
1539
1540
1541/**
1542 * Quick validity check of public key value against prime.
1543 * Checks are:
1544 * - Public key not 0 or 1
1545 * - Public key not equal to prime or prime - 1
1546 * - Public key not bigger than prime.
1547 *
1548 * prime Big-endian encoding of prime in bytes.
1549 * primeSz Size of prime in bytes.
1550 * pub Big-endian encoding of public key in bytes.
1551 * pubSz Size of public key in bytes.
1552 */
1553int wc_DhCheckPubValue(const byte* prime, word32 primeSz, const byte* pub,
1554 word32 pubSz)
1555{
1556 int ret = 0;
1557 word32 i;
1558
1559 for (i = 0; i < pubSz && pub[i] == 0; i++) {
1560 }
1561 pubSz -= i;
1562 pub += i;
1563
1564 if (pubSz == 0 || (pubSz == 1 && pub[0] == 1))
1565 ret = MP_VAL;
1566 else if (pubSz == primeSz) {
1567 for (i = 0; i < pubSz-1 && pub[i] == prime[i]; i++) {
1568 }
1569 if (i == pubSz-1 && (pub[i] == prime[i] || pub[i] == prime[i] - 1))
1570 ret = MP_VAL;
1571 else if (pub[i] > prime[i])
1572 ret = MP_VAL;
1573 }
1574 else if (pubSz > primeSz)
1575 ret = MP_VAL;
1576
1577 return ret;
1578}
1579
1580
1581/* Check DH Private Key for invalid numbers, optionally allowing
1582 * the private key to be checked against the large prime (q).
1583 * Check per process in SP 800-56Ar3, section 5.6.2.1.2.
1584 *
1585 * key DH key group parameters.
1586 * priv Private Key.
1587 * privSz Private Key size.
1588 * prime Large prime (q), optionally NULL to skip check
1589 * primeSz Size of large prime
1590 *
1591 * returns 0 on success or error code
1592 */
1593int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 privSz,
1594 const byte* prime, word32 primeSz)
1595{
1596 int ret = 0;
1597#ifdef WOLFSSL_SMALL_STACK
1598 mp_int* x = NULL;
1599 mp_int* q = NULL;
1600#else
1601 mp_int x[1];
1602 mp_int q[1];
1603#endif
1604
1605 if (key == NULL || priv == NULL) {
1606 return BAD_FUNC_ARG;
1607 }
1608
1609#ifdef WOLFSSL_SMALL_STACK
1610 x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1611 if (x == NULL)
1612 return MEMORY_E;
1613 q = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1614 if (q == NULL) {
1615 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1616 return MEMORY_E;
1617 }
1618#endif
1619
1620 if (mp_init_multi(x, q, NULL, NULL, NULL, NULL) != MP_OKAY) {
1621 #ifdef WOLFSSL_SMALL_STACK
1622 XFREE(q, key->heap, DYNAMIC_TYPE_DH);
1623 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1624 #endif
1625 return MP_INIT_E;
1626 }
1627
1628 if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY) {
1629 ret = MP_READ_E;
1630 }
1631
1632 if (ret == 0) {
1633 if (prime != NULL) {
1634 if (mp_read_unsigned_bin(q, prime, primeSz) != MP_OKAY)
1635 ret = MP_READ_E;
1636 }
1637 else if (mp_iszero(&key->q) == MP_NO) {
1638 /* use q available in DhKey */
1639 if (mp_copy(&key->q, q) != MP_OKAY)
1640 ret = MP_INIT_E;
1641 }
1642 }
1643
1644 /* priv (x) should not be 0 */
1645 if (ret == 0) {
1646 if (mp_cmp_d(x, 0) == MP_EQ)
1647 ret = MP_CMP_E;
1648 }
1649
1650 if (ret == 0) {
1651 if (mp_iszero(q) == MP_NO) {
1652 /* priv (x) shouldn't be greater than q - 1 */
1653 if (ret == 0) {
1654 if (mp_copy(&key->q, q) != MP_OKAY)
1655 ret = MP_INIT_E;
1656 }
1657 if (ret == 0) {
1658 if (mp_sub_d(q, 1, q) != MP_OKAY)
1659 ret = MP_SUB_E;
1660 }
1661 if (ret == 0) {
1662 if (mp_cmp(x, q) == MP_GT)
1663 ret = DH_CHECK_PRIV_E;
1664 }
1665 }
1666 }
1667
1668 mp_clear(x);
1669 mp_clear(q);
1670#ifdef WOLFSSL_SMALL_STACK
1671 XFREE(q, key->heap, DYNAMIC_TYPE_DH);
1672 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1673#endif
1674
1675 return ret;
1676}
1677
1678
1679/* Check DH Private Key for invalid numbers
1680 *
1681 * key DH key group parameters.
1682 * priv Private Key.
1683 * privSz Private Key size.
1684 *
1685 * returns 0 on success or error code
1686 */
1687int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 privSz)
1688{
1689 return wc_DhCheckPrivKey_ex(key, priv, privSz, NULL, 0);
1690}
1691
1692
1693/* Check DH Keys for pair-wise consistency per process in
1694 * SP 800-56Ar3, section 5.6.2.1.4, method (b) for FFC.
1695 *
1696 * key DH key group parameters.
1697 * pub Public Key.
1698 * pubSz Public Key size.
1699 * priv Private Key.
1700 * privSz Private Key size.
1701 *
1702 * returns 0 on success or error code
1703 */
1704int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz,
1705 const byte* priv, word32 privSz)
1706{
1707#ifdef WOLFSSL_SMALL_STACK
1708 mp_int* publicKey = NULL;
1709 mp_int* privateKey = NULL;
1710 mp_int* checkKey = NULL;
1711#else
1712 mp_int publicKey[1];
1713 mp_int privateKey[1];
1714 mp_int checkKey[1];
1715#endif
1716 int ret = 0;
1717
1718 if (key == NULL || pub == NULL || priv == NULL)
1719 return BAD_FUNC_ARG;
1720
1721#ifdef WOLFSSL_SMALL_STACK
1722 publicKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1723 if (publicKey == NULL)
1724 return MEMORY_E;
1725 privateKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1726 if (privateKey == NULL) {
1727 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
1728 return MEMORY_E;
1729 }
1730 checkKey = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1731 if (checkKey == NULL) {
1732 XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH);
1733 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
1734 return MEMORY_E;
1735 }
1736#endif
1737
1738 if (mp_init_multi(publicKey, privateKey, checkKey,
1739 NULL, NULL, NULL) != MP_OKAY) {
1740
1741 #ifdef WOLFSSL_SMALL_STACK
1742 XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH);
1743 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
1744 XFREE(checkKey, key->heap, DYNAMIC_TYPE_DH);
1745 #endif
1746 return MP_INIT_E;
1747 }
1748
1749 /* Load the private and public keys into big integers. */
1750 if (mp_read_unsigned_bin(publicKey, pub, pubSz) != MP_OKAY ||
1751 mp_read_unsigned_bin(privateKey, priv, privSz) != MP_OKAY) {
1752
1753 ret = MP_READ_E;
1754 }
1755
1756 /* Calculate checkKey = g^privateKey mod p */
1757 if (ret == 0) {
1758#ifdef WOLFSSL_HAVE_SP_DH
1759#ifndef WOLFSSL_SP_NO_2048
1760 if (mp_count_bits(&key->p) == 2048) {
1761 ret = sp_ModExp_2048(&key->g, privateKey, &key->p, checkKey);
1762 if (ret != 0)
1763 ret = MP_EXPTMOD_E;
1764 }
1765 else
1766#endif
1767#ifndef WOLFSSL_SP_NO_3072
1768 if (mp_count_bits(&key->p) == 3072) {
1769 ret = sp_ModExp_3072(&key->g, privateKey, &key->p, checkKey);
1770 if (ret != 0)
1771 ret = MP_EXPTMOD_E;
1772 }
1773 else
1774#endif
1775#ifdef WOLFSSL_SP_4096
1776 if (mp_count_bits(&key->p) == 4096) {
1777 ret = sp_ModExp_4096(&key->g, privateKey, &key->p, checkKey);
1778 if (ret != 0)
1779 ret = MP_EXPTMOD_E;
1780 }
1781 else
1782#endif
1783#endif
1784 {
1785#ifndef WOLFSSL_SP_MATH
1786 if (mp_exptmod(&key->g, privateKey, &key->p, checkKey) != MP_OKAY)
1787 ret = MP_EXPTMOD_E;
1788#else
1789 ret = WC_KEY_SIZE_E;
1790#endif
1791 }
1792 }
1793
1794 /* Compare the calculated public key to the supplied check value. */
1795 if (ret == 0) {
1796 if (mp_cmp(checkKey, publicKey) != MP_EQ)
1797 ret = MP_CMP_E;
1798 }
1799
1800 mp_forcezero(privateKey);
1801 mp_clear(privateKey);
1802 mp_clear(publicKey);
1803 mp_clear(checkKey);
1804#ifdef WOLFSSL_SMALL_STACK
1805 XFREE(checkKey, key->heap, DYNAMIC_TYPE_DH);
1806 XFREE(privateKey, key->heap, DYNAMIC_TYPE_DH);
1807 XFREE(publicKey, key->heap, DYNAMIC_TYPE_DH);
1808#endif
1809
1810 return ret;
1811}
1812
1813
1814int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng,
1815 byte* priv, word32* privSz, byte* pub, word32* pubSz)
1816{
1817 int ret;
1818
1819 if (key == NULL || rng == NULL || priv == NULL || privSz == NULL ||
1820 pub == NULL || pubSz == NULL) {
1821 return BAD_FUNC_ARG;
1822 }
1823
1824#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
1825 if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_DH) {
1826 ret = wc_DhGenerateKeyPair_Async(key, rng, priv, privSz, pub, pubSz);
1827 }
1828 else
1829#endif
1830 {
1831 ret = wc_DhGenerateKeyPair_Sync(key, rng, priv, privSz, pub, pubSz);
1832 }
1833
1834 return ret;
1835}
1836
1837
1838static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
1839 const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz)
1840{
1841 int ret = 0;
1842#ifdef WOLFSSL_SMALL_STACK
1843 mp_int* y;
1844#ifndef WOLFSSL_SP_MATH
1845 mp_int* x;
1846 mp_int* z;
1847#endif
1848#else
1849 mp_int y[1];
1850#ifndef WOLFSSL_SP_MATH
1851 mp_int x[1];
1852 mp_int z[1];
1853#endif
1854#endif
1855
1856#ifdef WOLFSSL_VALIDATE_FFC_IMPORT
1857 if (wc_DhCheckPrivKey(key, priv, privSz) != 0) {
1858 WOLFSSL_MSG("wc_DhAgree wc_DhCheckPrivKey failed");
1859 return DH_CHECK_PRIV_E;
1860 }
1861
1862 if (wc_DhCheckPubKey(key, otherPub, pubSz) != 0) {
1863 WOLFSSL_MSG("wc_DhAgree wc_DhCheckPubKey failed");
1864 return DH_CHECK_PUB_E;
1865 }
1866#endif
1867
1868#ifdef WOLFSSL_SMALL_STACK
1869 y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1870 if (y == NULL)
1871 return MEMORY_E;
1872#ifndef WOLFSSL_SP_MATH
1873 x = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1874 if (x == NULL) {
1875 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1876 return MEMORY_E;
1877 }
1878 z = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH);
1879 if (z == NULL) {
1880 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1881 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1882 return MEMORY_E;
1883 }
1884#endif
1885#endif
1886
1887#ifdef WOLFSSL_HAVE_SP_DH
1888#ifndef WOLFSSL_SP_NO_2048
1889 if (mp_count_bits(&key->p) == 2048) {
1890 if (mp_init(y) != MP_OKAY)
1891 return MP_INIT_E;
1892
1893 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
1894 ret = MP_READ_E;
1895
1896 if (ret == 0)
1897 ret = sp_DhExp_2048(y, priv, privSz, &key->p, agree, agreeSz);
1898
1899 mp_clear(y);
1900 #ifdef WOLFSSL_SMALL_STACK
1901 #ifndef WOLFSSL_SP_MATH
1902 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
1903 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1904 #endif
1905 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1906 #endif
1907 return ret;
1908 }
1909#endif
1910#ifndef WOLFSSL_SP_NO_3072
1911 if (mp_count_bits(&key->p) == 3072) {
1912 if (mp_init(y) != MP_OKAY)
1913 return MP_INIT_E;
1914
1915 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
1916 ret = MP_READ_E;
1917
1918 if (ret == 0)
1919 ret = sp_DhExp_3072(y, priv, privSz, &key->p, agree, agreeSz);
1920
1921 mp_clear(y);
1922 #ifdef WOLFSSL_SMALL_STACK
1923 #ifndef WOLFSSL_SP_MATH
1924 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
1925 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1926 #endif
1927 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1928 #endif
1929 return ret;
1930 }
1931#endif
1932#ifdef WOLFSSL_SP_4096
1933 if (mp_count_bits(&key->p) == 4096) {
1934 if (mp_init(y) != MP_OKAY)
1935 return MP_INIT_E;
1936
1937 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
1938 ret = MP_READ_E;
1939
1940 if (ret == 0)
1941 ret = sp_DhExp_4096(y, priv, privSz, &key->p, agree, agreeSz);
1942
1943 mp_clear(y);
1944 #ifdef WOLFSSL_SMALL_STACK
1945 #ifndef WOLFSSL_SP_MATH
1946 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
1947 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1948 #endif
1949 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1950 #endif
1951 return ret;
1952 }
1953#endif
1954#endif
1955
1956#ifndef WOLFSSL_SP_MATH
1957 if (mp_init_multi(x, y, z, 0, 0, 0) != MP_OKAY) {
1958 #ifdef WOLFSSL_SMALL_STACK
1959 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
1960 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1961 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1962 #endif
1963 return MP_INIT_E;
1964 }
1965
1966 if (mp_read_unsigned_bin(x, priv, privSz) != MP_OKAY)
1967 ret = MP_READ_E;
1968
1969 if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY)
1970 ret = MP_READ_E;
1971
1972 if (ret == 0 && mp_exptmod(y, x, &key->p, z) != MP_OKAY)
1973 ret = MP_EXPTMOD_E;
1974
1975 /* make sure z is not one (SP800-56A, 5.7.1.1) */
1976 if (ret == 0 && (mp_cmp_d(z, 1) == MP_EQ))
1977 ret = MP_VAL;
1978
1979 if (ret == 0 && mp_to_unsigned_bin(z, agree) != MP_OKAY)
1980 ret = MP_TO_E;
1981
1982 if (ret == 0)
1983 *agreeSz = mp_unsigned_bin_size(z);
1984
1985 mp_clear(z);
1986 mp_clear(y);
1987 mp_forcezero(x);
1988#endif
1989
1990#ifdef WOLFSSL_SMALL_STACK
1991#ifndef WOLFSSL_SP_MATH
1992 XFREE(z, key->heap, DYNAMIC_TYPE_DH);
1993 XFREE(x, key->heap, DYNAMIC_TYPE_DH);
1994#endif
1995 XFREE(y, key->heap, DYNAMIC_TYPE_DH);
1996#endif
1997
1998 return ret;
1999}
2000
2001#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
2002static int wc_DhAgree_Async(DhKey* key, byte* agree, word32* agreeSz,
2003 const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz)
2004{
2005 int ret;
2006
2007#if defined(HAVE_INTEL_QA)
2008 word32 pBits;
2009
2010 /* QAT DH sizes: 768, 1024, 1536, 2048, 3072 and 4096 bits */
2011 pBits = mp_unsigned_bin_size(&key->p) * 8;
2012 if (pBits == 768 || pBits == 1024 || pBits == 1536 ||
2013 pBits == 2048 || pBits == 3072 || pBits == 4096) {
2014 ret = wc_mp_to_bigint(&key->p, &key->p.raw);
2015 if (ret == MP_OKAY)
2016 ret = IntelQaDhAgree(&key->asyncDev, &key->p.raw,
2017 agree, agreeSz, priv, privSz, otherPub, pubSz);
2018 return ret;
2019 }
2020
2021#elif defined(HAVE_CAVIUM)
2022 /* TODO: Not implemented - use software for now */
2023
2024#else /* WOLFSSL_ASYNC_CRYPT_TEST */
2025 if (wc_AsyncTestInit(&key->asyncDev, ASYNC_TEST_DH_AGREE)) {
2026 WC_ASYNC_TEST* testDev = &key->asyncDev.test;
2027 testDev->dhAgree.key = key;
2028 testDev->dhAgree.agree = agree;
2029 testDev->dhAgree.agreeSz = agreeSz;
2030 testDev->dhAgree.priv = priv;
2031 testDev->dhAgree.privSz = privSz;
2032 testDev->dhAgree.otherPub = otherPub;
2033 testDev->dhAgree.pubSz = pubSz;
2034 return WC_PENDING_E;
2035 }
2036#endif
2037
2038 /* otherwise use software DH */
2039 ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
2040
2041 return ret;
2042}
2043#endif /* WOLFSSL_ASYNC_CRYPT */
2044
2045int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
2046 word32 privSz, const byte* otherPub, word32 pubSz)
2047{
2048 int ret = 0;
2049
2050 if (key == NULL || agree == NULL || agreeSz == NULL || priv == NULL ||
2051 otherPub == NULL) {
2052 return BAD_FUNC_ARG;
2053 }
2054
2055#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH)
2056 if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_DH) {
2057 ret = wc_DhAgree_Async(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
2058 }
2059 else
2060#endif
2061 {
2062 ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz);
2063 }
2064
2065 return ret;
2066}
2067
2068#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
2069/* Sets private and public key in DhKey if both are available, otherwise sets
2070 either private or public key, depending on which is available.
2071 Returns WOLFSSL_SUCCESS if at least one of the keys was set. */
2072WOLFSSL_LOCAL int wc_DhSetFullKeys(DhKey* key,const byte* priv_key,word32 privSz,
2073 const byte* pub_key, word32 pubSz)
2074{
2075 byte havePriv = 0;
2076 byte havePub = 0;
2077 mp_int* keyPriv = NULL;
2078 mp_int* keyPub = NULL;
2079
2080 if (key == NULL) {
2081 return BAD_FUNC_ARG;
2082 }
2083
2084 havePriv = ( (priv_key != NULL) && (privSz > 0) );
2085 havePub = ( (pub_key != NULL) && (pubSz > 0) );
2086
2087 if (!havePub && !havePriv) {
2088 WOLFSSL_MSG("No Public or Private Key to Set");
2089 return BAD_FUNC_ARG;
2090 }
2091 /* Set Private Key */
2092 if (havePriv == TRUE) {
2093 /* may have leading 0 */
2094 if (priv_key[0] == 0) {
2095 privSz--; priv_key++;
2096 }
2097 if (mp_init(&key->priv) != MP_OKAY)
2098 havePriv = FALSE;
2099 }
2100
2101 if (havePriv == TRUE) {
2102 if (mp_read_unsigned_bin(&key->priv, priv_key, privSz) != MP_OKAY) {
2103 havePriv = FALSE;
2104 } else {
2105 keyPriv = &key->priv;
2106 WOLFSSL_MSG("DH Private Key Set.");
2107 }
2108 }
2109
2110 /* Set Public Key */
2111 if (havePub == TRUE) {
2112 /* may have leading 0 */
2113 if (pub_key[0] == 0) {
2114 pubSz--; pub_key++;
2115 }
2116 if (mp_init(&key->pub) != MP_OKAY)
2117 havePub = FALSE;
2118 }
2119
2120 if (havePub == TRUE) {
2121 if (mp_read_unsigned_bin(&key->pub, pub_key, pubSz) != MP_OKAY) {
2122 havePub = FALSE;
2123 } else {
2124 keyPub = &key->pub;
2125 WOLFSSL_MSG("DH Public Key Set.");
2126 }
2127 }
2128 /* Free Memory if error occured */
2129 if (havePriv == FALSE && keyPriv != NULL)
2130 mp_clear(keyPriv);
2131 if (havePub == FALSE && keyPub != NULL)
2132 mp_clear(keyPub);
2133
2134 /* WOLFSSL_SUCCESS if private or public was set else WOLFSSL_FAILURE */
2135 return havePriv || havePub;
2136}
2137#endif
2138
2139static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
2140 word32 gSz, const byte* q, word32 qSz, int trusted,
2141 WC_RNG* rng)
2142{
2143 int ret = 0;
2144 mp_int* keyP = NULL;
2145 mp_int* keyG = NULL;
2146
2147 if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0) {
2148 ret = BAD_FUNC_ARG;
2149 }
2150
2151 if (ret == 0) {
2152 /* may have leading 0 */
2153 if (p[0] == 0) {
2154 pSz--; p++;
2155 }
2156
2157 if (g[0] == 0) {
2158 gSz--; g++;
2159 }
2160
2161 if (q != NULL) {
2162 if (q[0] == 0) {
2163 qSz--; q++;
2164 }
2165 }
2166
2167 if (mp_init(&key->p) != MP_OKAY)
2168 ret = MP_INIT_E;
2169 }
2170
2171 if (ret == 0) {
2172 if (mp_read_unsigned_bin(&key->p, p, pSz) != MP_OKAY)
2173 ret = ASN_DH_KEY_E;
2174 else
2175 keyP = &key->p;
2176 }
2177
2178 if (ret == 0 && !trusted) {
2179 int isPrime = 0;
2180 if (rng != NULL)
2181 ret = mp_prime_is_prime_ex(keyP, 8, &isPrime, rng);
2182 else
2183 ret = mp_prime_is_prime(keyP, 8, &isPrime);
2184
2185 if (ret == 0 && isPrime == 0)
2186 ret = DH_CHECK_PUB_E;
2187 }
2188
2189 if (ret == 0 && mp_init(&key->g) != MP_OKAY)
2190 ret = MP_INIT_E;
2191 if (ret == 0) {
2192 if (mp_read_unsigned_bin(&key->g, g, gSz) != MP_OKAY)
2193 ret = ASN_DH_KEY_E;
2194 else
2195 keyG = &key->g;
2196 }
2197
2198 if (ret == 0 && q != NULL) {
2199 if (mp_init(&key->q) != MP_OKAY)
2200 ret = MP_INIT_E;
2201 }
2202 if (ret == 0 && q != NULL) {
2203 if (mp_read_unsigned_bin(&key->q, q, qSz) != MP_OKAY)
2204 ret = MP_INIT_E;
2205 }
2206
2207 if (ret != 0 && key != NULL) {
2208 if (keyG)
2209 mp_clear(keyG);
2210 if (keyP)
2211 mp_clear(keyP);
2212 }
2213
2214 return ret;
2215}
2216
2217
2218int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
2219 word32 gSz, const byte* q, word32 qSz, int trusted,
2220 WC_RNG* rng)
2221{
2222 return _DhSetKey(key, p, pSz, g, gSz, q, qSz, trusted, rng);
2223}
2224
2225
2226int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, const byte* g,
2227 word32 gSz, const byte* q, word32 qSz)
2228{
2229 return _DhSetKey(key, p, pSz, g, gSz, q, qSz, 1, NULL);
2230}
2231
2232
2233/* not in asn anymore since no actual asn types used */
2234int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
2235 word32 gSz)
2236{
2237 return _DhSetKey(key, p, pSz, g, gSz, NULL, 0, 1, NULL);
2238}
2239
2240
2241#ifdef WOLFSSL_KEY_GEN
2242
2243/* modulus_size in bits */
2244int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
2245{
2246 mp_int tmp, tmp2;
2247 int groupSz = 0, bufSz = 0,
2248 primeCheckCount = 0,
2249 primeCheck = MP_NO,
2250 ret = 0;
2251 unsigned char *buf = NULL;
2252
2253 if (rng == NULL || dh == NULL)
2254 ret = BAD_FUNC_ARG;
2255
2256 /* set group size in bytes from modulus size
2257 * FIPS 186-4 defines valid values (1024, 160) (2048, 256) (3072, 256)
2258 */
2259 if (ret == 0) {
2260 switch (modSz) {
2261 case 1024:
2262 groupSz = 20;
2263 break;
2264 case 2048:
2265 case 3072:
2266 groupSz = 32;
2267 break;
2268 default:
2269 ret = BAD_FUNC_ARG;
2270 break;
2271 }
2272 }
2273
2274 if (ret == 0) {
2275 /* modulus size in bytes */
2276 modSz /= WOLFSSL_BIT_SIZE;
2277 bufSz = modSz - groupSz;
2278
2279 /* allocate ram */
2280 buf = (unsigned char *)XMALLOC(bufSz,
2281 dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
2282 if (buf == NULL)
2283 ret = MEMORY_E;
2284 }
2285
2286 /* make a random string that will be multiplied against q */
2287 if (ret == 0)
2288 ret = wc_RNG_GenerateBlock(rng, buf, bufSz);
2289
2290 if (ret == 0) {
2291 /* force magnitude */
2292 buf[0] |= 0xC0;
2293 /* force even */
2294 buf[bufSz - 1] &= ~1;
2295
2296 if (mp_init_multi(&tmp, &tmp2, &dh->p, &dh->q, &dh->g, 0)
2297 != MP_OKAY) {
2298 ret = MP_INIT_E;
2299 }
2300 }
2301
2302 if (ret == 0) {
2303 if (mp_read_unsigned_bin(&tmp2, buf, bufSz) != MP_OKAY)
2304 ret = MP_READ_E;
2305 }
2306
2307 /* make our prime q */
2308 if (ret == 0) {
2309 if (mp_rand_prime(&dh->q, groupSz, rng, NULL) != MP_OKAY)
2310 ret = PRIME_GEN_E;
2311 }
2312
2313 /* p = random * q */
2314 if (ret == 0) {
2315 if (mp_mul(&dh->q, &tmp2, &dh->p) != MP_OKAY)
2316 ret = MP_MUL_E;
2317 }
2318
2319 /* p = random * q + 1, so q is a prime divisor of p-1 */
2320 if (ret == 0) {
2321 if (mp_add_d(&dh->p, 1, &dh->p) != MP_OKAY)
2322 ret = MP_ADD_E;
2323 }
2324
2325 /* tmp = 2q */
2326 if (ret == 0) {
2327 if (mp_add(&dh->q, &dh->q, &tmp) != MP_OKAY)
2328 ret = MP_ADD_E;
2329 }
2330
2331 /* loop until p is prime */
2332 if (ret == 0) {
2333 do {
2334 if (mp_prime_is_prime_ex(&dh->p, 8, &primeCheck, rng) != MP_OKAY)
2335 ret = PRIME_GEN_E;
2336
2337 if (primeCheck != MP_YES) {
2338 /* p += 2q */
2339 if (mp_add(&tmp, &dh->p, &dh->p) != MP_OKAY)
2340 ret = MP_ADD_E;
2341 else
2342 primeCheckCount++;
2343 }
2344 } while (ret == 0 && primeCheck == MP_NO);
2345 }
2346
2347 /* tmp2 += (2*loop_check_prime)
2348 * to have p = (q * tmp2) + 1 prime
2349 */
2350 if ((ret == 0) && (primeCheckCount)) {
2351 if (mp_add_d(&tmp2, 2 * primeCheckCount, &tmp2) != MP_OKAY)
2352 ret = MP_ADD_E;
2353 }
2354
2355 /* find a value g for which g^tmp2 != 1 */
2356 if ((ret == 0) && (mp_set(&dh->g, 1) != MP_OKAY))
2357 ret = MP_ZERO_E;
2358
2359 if (ret == 0) {
2360 do {
2361 if (mp_add_d(&dh->g, 1, &dh->g) != MP_OKAY)
2362 ret = MP_ADD_E;
2363 else if (mp_exptmod(&dh->g, &tmp2, &dh->p, &tmp) != MP_OKAY)
2364 ret = MP_EXPTMOD_E;
2365 } while (ret == 0 && mp_cmp_d(&tmp, 1) == MP_EQ);
2366 }
2367
2368 if (ret == 0) {
2369 /* at this point tmp generates a group of order q mod p */
2370 mp_exch(&tmp, &dh->g);
2371 }
2372
2373 /* clear the parameters if there was an error */
2374 if ((ret != 0) && (dh != NULL)) {
2375 mp_clear(&dh->q);
2376 mp_clear(&dh->p);
2377 mp_clear(&dh->g);
2378 }
2379
2380 if (buf != NULL) {
2381 ForceZero(buf, bufSz);
2382 if (dh != NULL) {
2383 XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
2384 }
2385 }
2386 mp_clear(&tmp);
2387 mp_clear(&tmp2);
2388
2389 return ret;
2390}
2391
2392
2393/* Export raw DH parameters from DhKey structure
2394 *
2395 * dh - pointer to initialized DhKey structure
2396 * p - output location for DH (p) parameter
2397 * pSz - [IN/OUT] size of output buffer for p, size of p
2398 * q - output location for DH (q) parameter
2399 * qSz - [IN/OUT] size of output buffer for q, size of q
2400 * g - output location for DH (g) parameter
2401 * gSz - [IN/OUT] size of output buffer for g, size of g
2402 *
2403 * If p, q, and g pointers are all passed in as NULL, the function
2404 * will set pSz, qSz, and gSz to the required output buffer sizes for p,
2405 * q, and g. In this case, the function will return LENGTH_ONLY_E.
2406 *
2407 * returns 0 on success, negative upon failure
2408 */
2409int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz,
2410 byte* q, word32* qSz, byte* g, word32* gSz)
2411{
2412 int ret = 0;
2413 word32 pLen = 0, qLen = 0, gLen = 0;
2414
2415 if (dh == NULL || pSz == NULL || qSz == NULL || gSz == NULL)
2416 ret = BAD_FUNC_ARG;
2417
2418 /* get required output buffer sizes */
2419 if (ret == 0) {
2420 pLen = mp_unsigned_bin_size(&dh->p);
2421 qLen = mp_unsigned_bin_size(&dh->q);
2422 gLen = mp_unsigned_bin_size(&dh->g);
2423
2424 /* return buffer sizes and LENGTH_ONLY_E if buffers are NULL */
2425 if (p == NULL && q == NULL && g == NULL) {
2426 *pSz = pLen;
2427 *qSz = qLen;
2428 *gSz = gLen;
2429 ret = LENGTH_ONLY_E;
2430 }
2431 }
2432
2433 if (ret == 0) {
2434 if (p == NULL || q == NULL || g == NULL)
2435 ret = BAD_FUNC_ARG;
2436 }
2437
2438 /* export p */
2439 if (ret == 0) {
2440 if (*pSz < pLen) {
2441 WOLFSSL_MSG("Output buffer for DH p parameter too small, "
2442 "required size placed into pSz");
2443 *pSz = pLen;
2444 ret = BUFFER_E;
2445 }
2446 }
2447
2448 if (ret == 0) {
2449 *pSz = pLen;
2450 if (mp_to_unsigned_bin(&dh->p, p) != MP_OKAY)
2451 ret = MP_TO_E;
2452 }
2453
2454 /* export q */
2455 if (ret == 0) {
2456 if (*qSz < qLen) {
2457 WOLFSSL_MSG("Output buffer for DH q parameter too small, "
2458 "required size placed into qSz");
2459 *qSz = qLen;
2460 ret = BUFFER_E;
2461 }
2462 }
2463
2464 if (ret == 0) {
2465 *qSz = qLen;
2466 if (mp_to_unsigned_bin(&dh->q, q) != MP_OKAY)
2467 ret = MP_TO_E;
2468 }
2469
2470 /* export g */
2471 if (ret == 0) {
2472 if (*gSz < gLen) {
2473 WOLFSSL_MSG("Output buffer for DH g parameter too small, "
2474 "required size placed into gSz");
2475 *gSz = gLen;
2476 ret = BUFFER_E;
2477 }
2478 }
2479
2480 if (ret == 0) {
2481 *gSz = gLen;
2482 if (mp_to_unsigned_bin(&dh->g, g) != MP_OKAY)
2483 ret = MP_TO_E;
2484 }
2485
2486 return ret;
2487}
2488
2489#endif /* WOLFSSL_KEY_GEN */
2490
2491#endif /* NO_DH */
Note: See TracBrowser for help on using the repository browser.